Dive Brief:
- The Federal Deposit Insurance Corporation (FDIC) suffered more than 50 data breaches between January 2015 and December 2016, according to a report by the Office of Inspector General (OIG). The OIG reviewed 18 of the 54 suspected breaches that jeopardized personally identifiable information (PII) of U.S. citizens.
- The FDIC houses troves of PII, including social security numbers, driver's license numbers and home addresses. The report found the FDIC did not perform impact assessments or communicate with the Data Breach Management Team within the designated timeframe for 13 of the 18 reviewed breaches.
- The agency has until September 2018 to correct the issues the OIG highlighted, including its response rate. The FDIC took about 288 days from the discovery of a breach to inform impacted individuals, and about 67% of the reviewed breaches took more than the 72-hour timeframe required for initial investigator actions. The FDIC took an average of 21 days to complete such tasks and did not have an incident response coordinator.
Dive Insight:
The frequency of data breaches is staggering, but complacency regarding PII is not an option. Federal information security fell short across 24 reviewed agencies, including in network authorization and security management protocols.
Government entities are already scrutinized for the use of outdated technologies, but the handling of tech is just as important as the tech itself. Most cybersecurity experts would agree that attacks and breaches are not a question of "if" but "when."
Sometimes it is not so much the breach itself as the handling of the breach that worsens its impact. Equifax's data breach was only amplified by its delayed, disorganized and suspicious activities. On the flip side, the SEC ignored proper actions prior to its 2016 data breach. Security efforts conducted before and after a breach are sometimes of equal importance.
The U.S. government's cybersecurity practices fall short of other industries, but previously breached agencies, like the Office of Personnel Management (OPM), are making strides in recovery. After OPM's 2015 data breach, the agency has completed 11 of the 19 security tasks recommended by the GAO.