The drives contained privacy information and their loss is "a major information security incident" Credit: Dustin Gaffke A U.S. banking regulator says an employee downloaded a large amount of data from its computer system a week before he retired and is now unable to locate the thumb drives he stored it on.The Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, said the loss represented “a major information security incident” as it reported the case to Congress on Friday.The data was taken in November 2015, but its loss was only discovered in September this year as the agency reviewed downloads to removable media devices in the last two years.The employee in question used two thumb drives to store the information, both of which he is unable to locate, the agency said. It didn’t say what information was downloaded but said it involved “controlled unclassified information, including privacy information” and numbered at least 10,000 records.However, the OCC said there is no evidence to suggest any of the data has been leaked or disclosed to the public. “The information on the two thumb drives was encrypted based on OCC policy to prevent information that is lost or stolen from being misused,” it said in a statement. “The incident has not adversely affected OCC systems or the OCC’s mission, nor has the agency detected corruption of any data as a result of the incident.”A new IT security policy implemented in August 2016 already makes a repeat of the incident impossible, it said. Related content news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats news BSIMM 14 finds rapid growth in automated security technology Embrace of a "shift everywhere" philosophy is driving a demand for automated, event-driven software security testing. By John P. Mello Jr. Dec 06, 2023 4 mins Application Security Network Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. By Gagandeep Kaur Dec 06, 2023 4 mins IT Jobs Security Practices feature 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities After two decades of regular and indispensable updates, it’s clear that security teams need take a more holistic approach to applying fixes far beyond the Microsoft ecosystem. By Susan Bradley Dec 06, 2023 6 mins Patch Management Software Threat and Vulnerability Management Windows Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe