Lost thumb drives bedevil US banking agency

The drives contained privacy information and their loss is "a major information security incident"

Department of Treasury

The U.S. Department of Treasury building in Washington, D.C.

Credit: Dustin Gaffke

A U.S. banking regulator says an employee downloaded a large amount of data from its computer system a week before he retired and is now unable to locate the thumb drives he stored it on.

The Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, said the loss represented "a major information security incident" as it reported the case to Congress on Friday.

The data was taken in November 2015, but its loss was only discovered in September this year as the agency reviewed downloads to removable media devices in the last two years.

The employee in question used two thumb drives to store the information, both of which he is unable to locate, the agency said.

It didn't say what information was downloaded but said it involved "controlled unclassified information, including privacy information" and numbered at least 10,000 records.

However, the OCC said there is no evidence to suggest any of the data has been leaked or disclosed to the public.

"The information on the two thumb drives was encrypted based on OCC policy to prevent information that is lost or stolen from being misused," it said in a statement. "The incident has not adversely affected OCC systems or the OCC’s mission, nor has the agency detected corruption of any data as a result of the incident."

A new IT security policy implemented in August 2016 already makes a repeat of the incident impossible, it said.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Related:
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.