FDIC hit with more than 50 security breaches over two years

A new report from the Office of Inspector General has brought another wave of cybersecurity woes to the Federal Deposit Insurance Corp.
Written by Natalie Gagliordi, Contributor
Picasa 3.0

The Federal Deposit Insurance Corp. (FDIC) is facing another wave of cybersecurity woes this week following a new report from the Office of Inspector General.

The report says the FDIC may have suffered more than 50 security breaches in 2015 and 2016 that compromised personal information on hundreds of thousands of US citizens.

What's equally concerning is the FDIC's seemingly lackluster response to some 54 suspected or confirmed breaches over those two years. The report concludes that the FDIC took an average of 288 days -- or more than 9 months -- to notify individuals potentially affected by the hacks.

Moreover, the FDIC apparently did not complete key breach investigation activities like impact and risk assessments in the timeframe required by the Data Breach Handling Guide (DBHG) -- the breach response protocol that the FDIC itself set up.

The delayed response is problematic, according to the report, because "the longer it takes to complete breach investigation activities and notify potentially affected individuals, the greater the risk of harm that may come to individuals because they cannot quickly take proactive actions to protect themselves."

For those who don't know, the FDIC is a government corporation that insures deposits in US banks up to $250,000. The insurance scheme was set up to help prop up the banking industry in case of breaches, thefts, or banking failures.

The FDIC has been under fire for more than a year regarding a bevy of security incidents that were not reported to the proper congressional committees until months after they were discovered. At least seven of the incidents occurred when outgoing FDIC employees left the agency with downloaded files of personally identifiable information, including Social Security numbers and loan and banking information of US citizens.

Editorial standards