According to a new Congressional Report, there is bad news, worse news and worst news when it comes to the cyber-security situation at the Federal Deposit Insurance Corporation.
The bad news is that Chinese hackers were able to gain access to their systems care of 12 computers and 10 back room servers. The worse news is that the agency’s top officials were among those whose computers were accessed – including the FDIC chairman, his chief of staff, and the general counsel. And the worst news – when faced with the evidence that a breach had occurred, the FDIC tried to cover it up instead clear it up.
Specifically, the House Science, Space and Technology Committee contends that FDIC employees knowingly and intentionally provided false information about a cybersecurity incident in an effort to confuse regulators.
The report further notes that employees avoided inquiries by Congress and that whistleblowers were retaliated against.
“The FDIC’s intent to evade congressional oversight is a serious offense,” said Rep. Lamar Smith (R-TX), the committee’s chairman, in the report. “Major improvements need to be made to the FDIC’s cybersecurity mechanisms.”
The committee further noted it had serious issues with the FDIC making “gross misrepresentations” regarding how many people and companies were impacted. Employees at the FDIC were also accused of making up a story about the incident in Florida, with the committee saying the staff created a narrative to sway it from continuing an inquiry into breaches.
“The committee’s investigation is ongoing. We will continue to work towards increasing transparency at the agency and hold the FDIC accountable,” Rep. Smith said in a press release announcing the report. “Americans should be able to trust the agency with their sensitive banking information. The committee looks forward to hearing explanations from the FDIC chairman tomorrow and what changes he plans to make.”
As of yet, the FDIC has offered no official public comment on the matter – though internal interviews have indicated that leadership acknowledges that it “did not accurately portray the extent of risk” to Congress. They have further vowed to improve their overall record keeping.