The Office of the Comptroller of the Currency (OCC) disclosed it was hacked in September, reported The Wall Street Journal last week.
According to the report, the banking regulator said the data breach had to do with a former employee at the agency removing more than 10,000 records without receiving authorization to do so. The incident occurred in Nov. 2015 when the ex-employee downloaded a large number of files onto two thumb drives. The employee then retired from the agency. The data on the thumb drives was encrypted, and there isn’t evidence that shows the data taken was misused or disclosed to anybody.
WSJ cited an OCC spokesman as saying the data included information “related to OCC activities and employees.” The spokesman said there is “no indication that there was bank customer information among the files removed.” The OCC said that, once it found the data breach, it referred the case to the Treasury Department’s Inspector General’s office. A review by the OCC concluded it was a “major incident,” involving greater than 10,000 records and potentially exposing personal information. The former employee was identified as a retiree, noted the report. The OCC, according to WSJ, noted the compromise hasn’t “adversely affected” the agency’s internal operations. The House Committee on Science, Space and Technology, one of the congressional panels notified of the breach, said it is monitoring the OCC’s response to the incident, the paper reported. A committee spokeswoman said it will work to ensure the OCC “responds to the incident appropriately, remediating any potential damaging effects to sensitive information” housed on its systems, added WSJ.
The breach at the OCC comes after a series of breaches at the Federal Deposit Insurance Corp., which has prompted lawmakers to spend part of 2016 looking into shortfalls in FDIC cybersecurity policies.