US Banking Regulator Suffers A Major Breach of Confidential Data

Uploaded on 2016-11-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

A former supervisor working for the US Office of the Comptroller of the Currency downloaded confidential information on portable computer storage devices that haven’t yet been recovered, the agency said recently in a statement.

Before retirement, the employee downloaded “more than 10,000 records” about the regulator’s activities and some personal information about staff members, the OCC said. The November 2015 breach by the unidentified supervisor was discovered last month in a review of agency security matters, and the former employee was unable to find and turn over the devices.

“There is no evidence to suggest that any non-public OCC information, including any personally identifiable information or controlled unclassified information has been disclosed to any member of the public or misused in any way,” according to the OCC statement.

The information downloaded was encrypted to make it difficult to access by outsiders. Though the agency has no evidence that the employee shared the data with anyone, the OCC determined it qualified as a “major incident” that required it to be reported to Congress and other federal officials.

Since the incident, the OCC said it adopted policies in August that prevent such information to be downloaded to personal devices known as thumb drives. The agency is still conducting a review for any similar downloads, it said.

Similar employee-involved data breaches have drawn recent attention to another banking agency, the Federal Deposit Insurance Corp. Employees there have also departed with sensitive information on the same kinds of portable devices.

Information Management

 

« More Insecure Email: Clinton Camp Blasts FBI Director
No Need To Shoot Down Drones – Just Hijack Them »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

MonsterCloud

MonsterCloud

MonsterCloud is a leader in managed cyber security services. Our cyber security team constantly monitors and protects businesses from cyber threats.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

Aptiv

Aptiv

Aptiv is a global technology company that develops safer, greener and more connected solutions enabling the future of mobility.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

Turnkey Consulting

Turnkey Consulting

Turnkey Consulting is a leading provider of Integrated Risk Management (IRM), Identity Access Management (IAM), and Cyber and Application Security.

Indevis

Indevis

Indevis provides IT security, datacenter and network solutions, accompanied by professional consulting, management and support services.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

SecureStream Technologies

SecureStream Technologies

SecureStream Technologies have built the IoT SafetyNet - the Network Security Analytics platform to Eliminate Security Threats, Guarantee Privacy, Ensure Compliance, Simply & Easily.

Responsive Technology Partners

Responsive Technology Partners

Responsive Technology Partners provides superior IT support services including cybersecurity and compliance, telephony, cloud services, cabling, access control, and camera systems.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.