FDIC latest to fall victim to theft of employee data
- By Jason Miller
- Jun 17, 2005
The Federal Deposit Insurance Corp. has joined a growing number of public- and private-sector entities that have had to tell employees that their personal data has been stolen.
In a letter to current and former FDIC workers obtained by GCN, Arleas Upton Kea, director of the agency's administration division, said that in early 2004 someone accessed current and former employee personal data without authorization. That data includes name, date of birth, salary, Social Security number and length of service.
The Washington Post
first reported the security breach yesterday.
Officials discovered the problem in March and sent letters to those affected. In the subsequent investigation, the FBI found that data of all FDIC employees and former employees has been stolen. The FBI, which would not comment on the investigation, alerted FDIC June 9, and Kea sent the letter June 10.
FDIC's inspector general also is investigating the crime. 'The case still is under investigation,' said a FDIC spokesperson. 'There is not a lot we can say at this point.'
The spokesperson confirmed that no one hacked into the agency's system but wouldn't say how the data was stolen except that it was not similar to the Bank of America situation in February. Bank of America lost back-up tapes
containing data on 1.2 million federal employees.
FDIC is asking former and current employees to check their credit reports over the next 12 to 24 months for suspicious activity.
News of FDIC's security breach comes as Congress is considering a number of laws that would require immediate notification when personal data is lost. Sen. Dianne Feinstein (D-Calif.), a sponsor of one of those bills, testified yesterday before the Senate Commerce Committee.
Feinstein told the committee that 'data breaches and identity theft [are] national problems that require a federal solution. One strong notification standard is what we need, not a patchwork of state laws like we are beginning to see in California, Arkansas, Georgia, Indiana, Montana, North Dakota and Washington state.'
The senator's bill would require federal agencies and private-sector companies to notify individuals 'without unreasonable delay' if their personal data is lost or stolen, unless law-enforcement officials say it would impede their investigation.
Along with Feinstein, Sen. Charles Schumer (D-N.Y.) and Rep. Ed Markey (D-Mass.) are among those who have introduced identity theft bills
over the past few months.