The FDIC Invokes New Policies Following Data Breaches
Whenever any kind of negative situation occurs, regardless of where or how or who was affected, there is always an opportunity for a silver lining. When it comes to cybersecurity and data theft, that opportunity turns into the need to take a hard look at what happened, what could have prevented it, and what changes need to be made moving forward. Dwelling on the past or pointing fingers rarely accomplishes anything, but taking a positive approach towards better prevention is always a good idea.
That’s a lesson the FDIC has had to learn. The Federal Deposit Insurance Corporation, better known to most people by its letters on the doors of every regulated US bank, oversees banking practices in the US and provides some measure of quality control and insurance for both the bank and its customers.
But a series of events in the past few years has now resulted in FDIC Chairman Martin Gruenberg being called before Congress to testify about a number of changes that needed to be made. He spoke to the House Science, Space, and Technology Committee this month about hacking, data breach reporting, inside job attacks, and other practices that needed to be addressed.
According to the report from the committee, data breaches at banks going back as far as 2010 went unreported, as well as possible breaches of the FDIC itself by a group believed to be Chinese operatives. A more recent inside job breach came about in 2015 after an FDIC employee stole sensitive information about specific major banks, including the step-by-step plans in the event of their own bankruptcies that they’d filed with the FDIC, then downloaded that content to a thumb drive.
As a result of the Congressional hearing on the matter, the FDIC is taking action. There have been personnel changes, according to Gruenberg, due to a failure to keep him updated on data breaches and what apparently amounted to an intentional cover-up of breaches affecting banks and the FDIC. Other cybersecurity policies have been drafted to prevent data loss and other threats, notably from those with inside access to the information. The chairman provided an October 2016 timeframe to have the policies drafted and put in place.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.