US Bank Authority Reports a Major Security Breach

The US Office of the Comptroller of the Currency has revealed that a staffer took over 10,000 activity and staff records with him before he retired in November 2022. The former employee downloaded a "large number" of files to two thumb drives. OCC spokesperson said that information on the drives is "related to OCC activities and employees."

Government data alienation: staffer took over x,000 records

Authorities information breaches aren't always the piece of work of cyber criminals or foreign intruders, every bit staffers are also frequently found engaging in activities that prove to exist threatening to these agencies.

The alienation was detected in September this year when the Us bank regulator was carrying out a ii-year review of employees downloading information, in an try to minimize cyber threats. When asked about the data, employee said he couldn't find the drives to give them back.

While a "major incident," at that place is no high gamble. OCC has said that the data on the thumb drives is encrypted and there is no evidence of it being disclosed or misused. The spokesperson also said at that place is "no indication that there was bank customer information among the files removed." The breach, withal, has been reported to Congress and government agencies, including the Section of Homeland Security. Regime agencies are required to report all major incidents to Congress, this being the first such written report for the OCC.

Before this leak was discovered, OCC implemented a policy in Baronial 2022 that prevents employees from transferring data to removable storage drives without a supervisor'due south blessing. Only, this incident occurred earlier the policy was implemented.

Since October 2022, the Federal Eolith Insurance Corporation (FDIC) has revealed to Congress seven breaches resulting from employees who leave the agency, taking sensitive data with them. While a first for OCC, it is likely that this isn't the only breach. The retrospective review is still underway, which will further requite an insight whether this was an infrequent case or if OCC employees regularly copied disquisitional data, even if encrypted.