A recent data breach at the Federal Deposit Insurance Corporation (FDIC) is just one of many that have occurred in the past several months. The banking regulator is now under fire for its responses following a slew of breaches involving more than 10,000 sensitive and private data records. The FDIC was questioned about the breaches on May 12, 2016, during a hearing held by the House of Representatives Subcommittee on Oversight. Representatives criticized the FDIC, suggesting that it handled the incidents too slowly, did not notify Congress in a timely manner and failed to provide requested documents.
The FDIC was also criticized for failing to notify its employees who were affected by the breaches. It is estimated that the personal data of approximately 160,000 people have been impacted by these breaches, which occurred between October 30, 2015, and the present. The information includes names, bank account numbers and, possibly, social security numbers. According to Republican Representative Barry Loudermilk, chair of the subcommittee, the FDIC has still not notified any of these employees that their private information may have been compromised.
Evidence shows that at least seven recent breaches were caused by former employees as they were leaving the FDIC. The FDIC maintains that these breaches occurred inadvertently, but Congress is skeptical that the breaches were not intentional. One case is allegedly the subject of a criminal investigation. While the FDIC has indicated that it is completing a “top to bottom review” of its technology information policies, it appears that Congress will continue to apply pressure to the FDIC related to its response and handling of these breaches. According to Rep. Loudermilk in the subcommittee’s press release, the American people “have good reason to question whether their private banking information is properly secured by the FDIC.”