Widespread data breaches used to be a dime a dozen in the headlines, but things have gone (relatively) quiet over the last few months. Unfortunately, for the Federal Deposit Insurance Corporation, it turns out that that respite was only because they’re learning about past breaches now.
The Washington Post reported that the FDIC is disclosing to Congress the presence of at least five major data breaches that occurred sometime between now and Oct. 30, 2015. Though details are still scarce, the FDIC noted that each case was not of the run-of-the-mill hacking variety. Instead, in each incident, an FDIC employee soon to leave the agency had inadvertently downloaded the personal details of over 10,000 individuals and then proceeded to take that data outside of the FDIC’s control.
Despite the breaches, the FDIC is maintaining that none of the accessed information was shared illicitly, just as it believes none of the employees downloaded the data with untoward activities in mind.
While the exact number of people affected by the breaches is unknown, the FDIC chose to categorize the cases as “major incidents” in which at least 10,000 individuals are confirmed to be affected. In April, the FDIC disclosed the occurrence of a breach by similar means that affected 44,000 agency employees, which makes seven total dating back to the original on Oct. 30.
As the FDIC and industry watchdogs wait for more details to emerge on the breaches, the agency has already adjusted security policies to deal with its evidently remote storage-happy employees.
“As of early April, if an FDIC employee connects removable media to his or her computer, it is blocked,” reads a memo obtained by The Washington Post.
Time will tell whether that’s enough protection for the FDIC or whether it’ll be reverting to floppy disks to at least limit the data scope of any successive leaks.