Congressional Report Finds FDIC Data Breach Response Obstructed Congressional Oversight

King & Spalding

On July 12, the U.S. House of Representatives Committee on Science, Space, and Technology (the “Science Committee”) released a report regarding its investigation of an October 2015 data breach and the subsequent response of the Federal Deposit Insurance Corporation (“FDIC”).  The Science Committee’s report found that the FDIC’s cybersecurity practices were deficient and that its responses to the Science Committee’s requests for information were deliberately evasive and constituted willful obstruction of the investigation.  On July 14, FDIC Chairman Martin Gruenberg testified before the Science Committee, admitting that the FDIC’s response to the October breach was marked by several failures. 

On October 15, 2015, an FDIC employee copied personally identifiable information affecting more than 71,000 individuals and entities onto a portable storage device prior to departing the FDIC’s employment.  The FDIC referred the incident to the Office of Inspector General (“OIG”) in November 2015, but did not notify the Science Committee (as required under Office of Management and Budget guidelines for a breach of that size) until February 26, 2016. 

The FDIC’s February letter to the Science Committee characterized the October breach as affecting over 10,000 individuals, but the OIG later determined that the breach was much larger than the FDIC had reported.  Additionally, in an April briefing to Science Committee staff, FDIC staff misrepresented the former employee’s behavior as accidental.  In May, the FDIC’s Chief Information Officer Lawrence Gross testified that the former employee was “not computer proficient.”  However, the OIG’s report showed that the individual had in fact intentionally copied the files and possessed a graduate degree in Information Technology Management. 

These mischaracterizations, combined with the FDIC’s response to several other incidents, contributed to the Science Committee’s finding that FDIC Chief Information Officer Gross has contributed to a “toxic work environment,” resulting in a history of failing to take steps to prevent data breaches.  FDIC Chairman Gruenberg told the Science Committee on July 14 that the FDIC is working on taking corrective actions to minimize the potential for similar incidents.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising
