The U.S. Treasury’s Office of the Comptroller of the Currency has notified Congress and other federal agencies of a major information security incident, in which a former employee downloaded more than 10,000 records onto personal USB drives.
While the OCC does not believe that the data has been misused, last week it notified the Director of Office of Management and Budget, the Secretary of Homeland Security, the head of the Government Accountability Office, as well as Congress. Disclosure of the incident was given as required by the Federal Information Security Modernization Act (FISMA).
The downloads occurred in November of 2015 and were first detected in September 2016 during an audit of employee downloads.
In response, the OCC implemented new policies and technical safeguards starting in April 2016. The comptroller’s office now believes the new oversight will prevent similar events from occurring in the future.
The use of personal devices and removable media by government employees has come under scrutiny at all levels of the government in recent years.
The OCC is an independent bureau within the U.S. Department of the Treasury whose primary purpose is to ensure the safety and soundness of America’s national banking system. It also fosters competition among U.S. banks, and helps to ensure equal access to financial services.