FDIC soft-pedaled data breaches to Congress, watchdog reports

23 May 2018 8:42am

4 May 2018. By Neil Roland.

The US Federal Deposit Insurance Corp. misled lawmakers about the severity of data breaches that potentially compromised personal information of 121,633 bank customers, a watchdog said.

The FDIC’s inspector general said the banking regulator also delayed reporting to Congress in 2015 and 2016 about these eight incidents, in which employees improperly took confidential information shortly before leaving the agency.

The FDIC made “broad characterizations” to lawmakers that “were sometimes inaccurate and imprecise, and tended to diminish the potential risks,” the recent 249-page report said.

The information provided was also often incomplete, as the FDIC failed initially to  search its e-mail vault for records requested by the House Science, Space and Technology Committee.

The special internal inquiry faulted FDIC system weaknesses and found “shortcomings” in the performance of three unidentified former staffers “in key leadership positions.”

Customer delays

The report said the FDIC not only was late in responding to lawmakers but failed to notify affected customers for at least eight months after discovering the breaches, and sometimes waited more than a year.

In one breach, an employee copied without authorization confidential components of sensitive resolution plans onto an unencrypted storage device and took the information upon abruptly resigning, the inspector general has said.

The employee was later charged criminally with theft of government property.

In another incident, an employee used a storage device to copy more than 10,000 documents, including more than 10,000 Social Security numbers, upon his departure from the agency, according to the watchdog.

Official response

FDIC Chairman Martin Gruenberg, responding to the report about the agency’s  lapses, said it has implemented “a number of improvements.”

“These matters will continue to receive our full attention and resources,” he added.

The regulator conducted its first exercise last December on how to respond to possible future breaches, Gruenberg said.

The inspector general issued 13 recommendations for FDIC changes. Gruenberg said the agency intends to implement them all by the end of the year.

Fintech Regulation in 2018