Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Bank Regulator Notifies Congress of Major Data Security Breach (metro.us)

Posted by BeauHD on from the impending-doom dept.

A U.S. banking regulator says an employee was found to have downloaded a large number of files onto thumb drives a week before he retired. When the former employee was contacted, the Office of the Comptroller of the Currency said he "was unable to locate or return the thumb drives to the agency." The reassuring news is that the information appears to not have been disclosed to the public or misused in any way, according to the OCC. Metro.us reports: Before he retired in November 2015, the former employee downloaded a large number of files onto two removable thumb drives though the incident was only detected last month during a routine security review, the OCC said in a statement. The stolen data was encrypted, the agency said. The Office of the Comptroller, along with the Federal Reserve and Federal Deposit Insurance Corporation, is one of the nation's three most influential bank regulators that is tasked with protecting consumers and financial markets. The OCC has deemed the breach a "major incident" because the devices containing the information are not recoverable and more than 10,000 records were removed, the agency said. The official, who was not authorized to discuss the case, noted that a large batch of unclassified personnel records were among the cache.

1 of 48 comments (clear)

  1. Re:Proves my concerns by grumpy-cowboy · · Score: 4, Insightful

    The problem is not the access to the USB drive but the easy access to the data. Only a printer is required to steal data mass data (or a pen/paper if you're really motivated!).

    As a freelancer, I can assure you that in all insurance companies I worked as a contractor I had access to the WHOLE clients databases easily : Samba drives on production server open to everyone, access to production databases (like every other IT employees in the company), services exposes wide open (REST/SOAP services, app server communication channel (WebLogic t3 for example), ...), shared "tmp/exchange" drives where production batch put stuff in it "temporary", ..

    USB devices is not the problem. Easy access to data for everyone in the company is the problem.

    --
    Will $CURRENT_YEAR be the year of the Linux Desktop?