US Banking Regulator Suffers A Major Breach of Confidential Data

A former supervisor working for the US Office of the Comptroller of the Currency downloaded confidential information on portable computer storage devices that haven’t yet been recovered, the agency said recently in a statement.

Before retirement, the employee downloaded “more than 10,000 records” about the regulator’s activities and some personal information about staff members, the OCC said. The November 2015 breach by the unidentified supervisor was discovered last month in a review of agency security matters, and the former employee was unable to find and turn over the devices.

“There is no evidence to suggest that any non-public OCC information, including any personally identifiable information or controlled unclassified information has been disclosed to any member of the public or misused in any way,” according to the OCC statement.

The downloaded information was encrypted to make it difficult for outsiders to access. Though the agency has no evidence that the employee shared the data with anyone, the OCC determined it qualified as a “major incident” that required it to be reported to Congress and other federal officials.

Since the incident, the OCC said it adopted policies in August that prevent such information from being downloaded to personal devices known as thumb drives. The agency is still conducting a review for any similar downloads, it said.

Similar employee-involved data breaches have drawn recent attention to another banking agency, the Federal Deposit Insurance Corp. Employees there have also departed with sensitive information on the same kinds of portable devices.
