The US Office of the Comptroller of the Currency (OCC) has revealed that a staffer took over 10,000 activity and staff records with him before he retired in November 2015. The former employee downloaded a "large number" of files to two thumb drives. An OCC spokesperson said that the information on the drives is "related to OCC activities and employees."
Government data breach: staffer took over 10,000 records
Government data breaches aren't always the work of cyber criminals or foreign intruders, as staffers are also frequently found engaging in activities that prove to be threatening to these agencies.
The breach was detected in September this year when the US bank regulator was carrying out a two-year review of employees downloading information, in an effort to minimize cyber threats. When asked about the data, the employee said he couldn't find the drives to give them back.
While this is a "major incident," there is no high risk. The OCC has said that the data on the thumb drives is encrypted and there is no evidence of it being disclosed or misused. The spokesperson also said there is "no indication that there was bank customer information among the files removed." The breach, however, has been reported to Congress and government agencies, including the Department of Homeland Security. Government agencies are required to report all major incidents to Congress; this is the first such report for the OCC.
Before this leak was discovered, the OCC implemented a policy in August 2016 that prevents employees from transferring data to removable storage drives without a supervisor's approval. However, this incident occurred before the policy was implemented.
Since October 2015, the Federal Deposit Insurance Corporation (FDIC) has revealed to Congress seven breaches resulting from employees who leave the agency, taking sensitive data with them. While this is a first for the OCC, it is likely that this isn't the only breach. The retrospective review is still underway and will give further insight into whether this was an exceptional case or whether OCC employees regularly copied critical data, even if encrypted.