PYMNTS-MonitorEdge-May-2024

The FDIC Is In Hot Water Over Cybersecurity

FDIC cybersecurity practices

House lawmakers aren’t letting up on the Federal Deposit Insurance Corporation (FDIC) when it comes to how the banking regulator handled notifications following a slew of recent data breaches.

The Wall Street Journal reported on Tuesday (May 24) that an investigation led by House lawmakers has uncovered “significant shortfalls” in the FDIC’s cybersecurity policies, which may have left it vulnerable to hackers gaining access to private information and regulatory data.

In a joint letter to FDIC Chairman Martin Gruenberg, seen by WSJ, Rep. Lamar Smith (R-TX) and Rep. Barry Loudermilk (R-GA) wrote:

“This information raises serious concerns about whether additional data breaches have occurred without detection due to inherent weaknesses in the FDIC’s system used to monitor data breaches.”

Earlier this month, a U.S. congressional subcommittee held a hearing where the FDIC was questioned about a string of data breaches, including two recent incidents that involved 10,000 sensitive and private data records to be downloaded by workers onto storage devices before they left the agency.

Upon learning of the breaches, the FDIC also discovered that there were five other incidents where this same behavior had occurred, according to Rep. Loudermilk, who is the chair of the House of Representatives subcommittee on oversight and technology.

Altogether, this led to the personal data of more than 160,000 people being impacted, according to a Reuters report on the meeting.

According to the letter from the GOP leaders, the evidence against the FDIC insinuates that the agency is not monitoring the computer activities of its employees, including whether a download of sensitive information to a portable device takes place, WSJ reported.

“This leaves important information, including personally identifiable banking information for millions of Americans and banks’ living wills, vulnerable to data breaches by FDIC employees, who currently have access to sensitive information at the agency,” the letter continued.

PYMNTS-MonitorEdge-May-2024