The House Committee on Science, Space and Technology released a report that indicates that hackers believed to be from China had been attacking computers at the Federal Deposit Insurance Corporation.
The attacks occurred between the years 2010 and 2013 and were directed at different workstations including that of the chairman, general council and the chief of staff. These hacks were nonetheless never communicated with the US Computer Emergency Response Team. It was only after a different investigation into another data-related problem that this case was uncovered.
The FDIC, for some reason, could not report the attacks. The inspector general at that time, Jin Rymer, castigated FDIC officials for their failure to stick to their own policies concerning cyber breaches.
After looking closer at the incidents, the investigators came to the conclusion that there was some covering up done by the former FDIC CIO Russ Pittman.
Pittman seems to have hidden the severity if the attacks from the auditors and instructed employers to keep quiet about the incidents. This is suspected to have been done to avoid ruining the appointment of Martin Gruenberg as FDIC Chairman.
The first domino of bad news was topped when the Inspector General of FDIC was investigated after the Florida incident in October.
On the 23rd of October, 2015, it was discovered that there was a sizeable loss of sensitive information amounting to over 1200 documents. These included social security numbers belonging to more than 44,000 individuals.
The breach also involved over 30,000 banks and was carried out by an ousted employee who copied the data to a USB drive. Nevertheless, he was caught but still retained possession of the data. After making a sworn statement that he did not distribute the information in any way, the case was dropped.
But Gruenberg disputed the extent of the data that was legally stolen by the employee, stating that the data contained only 10000 individuals and entities. This was in opposition to the findings of the FDIC’s office which showed that the number of affected individuals was much higher than 10000.
There were other reports of five additional breaches in May, says the report. The FDIC only acted on these after the news reached a congressional hearing.
About 50 percent of FDIC employees are allowed to have flash discs. However, there are no measures put in place to make sure that these do not share any information apart form an affidavit they have to sign.
In order to build more security, there is an unfolding initiative were 3000 laptops will be acquired for the employees, for their supposed safety over desktops.