According to the U.S. Office of Comptroller of the Currency, an employee who recently retired took along with him over 10,000 activity and staff records sometime in November 2015.
The unnamed worker copied a “large number” of files onto two thumb drives and, when asked to give them back, stated that they were lost
This internal security breach is being treated as a major event, but luckily, the risk to the government is not high. The data was encrypted, and thus far there is no sign that any information has fallen into the wrong hands.
The main issue for the OCC is that the data left the premises in the first place. Data and other security breaches cost America’s hospitals about $6 billion every year.
In August of 2016, the OCC implemented a new policy barring employees from transferring data to removable storage without a supervisor’s approval.
The policy came too late to prevent this particular incident, and investigators also stopped what might have been another breach on September 1st. These episodes reflect poorly on the United State’s cyber security efforts.
In the summer of 2015, hackers breached a computer at the personnel department of the U.S. government, compromising the data of over four million current and former employees.
The breach was later traced to China, but the Chinese government claimed that it was the work of criminal hackers, not state-sponsored ones. The hack resulted in millions of people having extremely sensitive information, including their fingerprints, Social Security numbers, and background checks stolen, the OPM director Katherine Archuleta resigning, and the government offering to pay to protect employees from possible identity theft.