FDIC employees' data stolen
- By David Perera
- Jun 17, 2005
Thieves have stolen the personal data of thousands of current and former Federal Deposit Insurance Corp. employees.
Social security numbers, dates of birth and names of anyone with official FDIC pay status as of July 2002 were among the information stolen. The
thieves have already used the information to obtain fraudulent loans from a credit loan "in a small number of cases," according to the agency.
Officials of the bank account insurer describe the theft as an "unauthorized release" of personal information, rather than a hacking incident. "This
breach was not the result of a failure of our information systems security programs," said Arleas Upton Kea, director of the agency's administration
division, in a June 10 letter to current and former FDIC employees.
The information was stolen during early 2004, Kea said. Agency officials only recently learned of the loss from the FBI and the FDIC's office of
inspector general, Kea says in the letter. Those organizations will jointly investigate the matter.
The FDIC has been criticized for weak information security in the past. A Government Accountability Office audit conducted in September 2004 through
February 2005 found that the agency inadvertently granted 250 users of its information systems access to data including payroll and personnel information.
Neither were the activities of those users being logged for later review, GAO investigators found. "As a result, increased risk exists that
individuals could circumvent security controls to read, create, or modify critical or sensitive programs and data, possibly without detection," the GAO report states.
Agency workers are advised to contact all three major credit bureaus to obtain credit reports. Those charged for the reports can expense the cost,
up to a maximum of $30, Kea's letter says. Extra employee vigilance over suspected incidents of identity theft will be required for the next 12 to 24
months, she added.
David Perera is a special contributor to Defense Systems.