FDIC Takes New Initiative on Data Security Following Breaches

All Banking Law, All in One Place. Bloomberg Law: Banking is the comprehensive research solution that powers your practice with access to integrated banking-related legal news, analysis,...

By Jeff Bater

May 9 — The Federal Deposit Insurance Corp. (FDIC) announced a new initiative to enhance security as a House committee continues to investigate data breaches involving the regulator.

A media report in April revealed that the personal information of 44,000 FDIC customers was breached by an employee leaving the agency; the breach occurred in February and was outlined in an internal FDIC memorandum.

On May 9, the FDIC said it reported to Congress five additional security incidents since October 2015. Those five are being reported now retroactively because the cases were closed before an FDIC Office of Inspector General decision in February to define a major incident as one involving at least 10,000 records. The FDIC document made clear the agency considered the incidents to be low-risk in nature.

“We take data security very seriously and are always looking for ways to improve and provide a more secure environment,” the FDIC said in the document announcing the new security initiative.

The initiative involves the use of software across the agency to force encryption of portable devices and the hiring of a third party to assess FDIC information technology security and privacy programs.

Previously, the regulator had revised its policy prohibiting the use of mobile media devices for the majority of its employees. “As of early April, if an FDIC employee connects removable media to his or her computer, it is blocked,” an agency document released May 9 said.

The agency's announcement came before a hearing scheduled for May 12 by the House Committee on Science, Space and Technology's oversight subcommittee.

The hearing will examine recent data breaches at the FDIC. The subcommittee said it will also look at “broader issues surrounding the FDIC's cybersecurity posture.”

Witnesses slated for the hearing include Lawrence Gross Jr., chief information officer and chief privacy officer at the FDIC; and Fred W. Gibson, acting inspector general of the FDIC.

To contact the reporter on this story: Jeff Bater in Washington at jbater@bna.com

To contact the editor responsible for this story: Mike Ferullo at mferullo@bna.com