The federal government once again showed its relative inability to maintain strong data security practices when the information of 44,000 FDIC customers was breached by an employee leaving the agency. The apparent breach happened in February and was discussed in an internal memo shared throughout the agency on March 18th. It was declared that the data downloaded on a personal storage device was done so “inadvertently and without malicious intent.” The memo does not state explicitly which information had actually been compromised. The FDIC has classified this as a “major incident,” under the Federal Information Security Modernization Act of 2014.
Though it seems that this compromise of data was solely due to a lack of attention paid by the FDIC and its former employee, it reiterates the need for organizations to implement and practice data loss prevention controls. The likelihood of this happening at any organization which holds sensitive information is high. It is important for companies to learn from this and implement a strong security awareness program for their employees which covers all aspects of information security, include data loss prevention.
If you have any questions, please contact a GraVoc certified Information Security specialist below:
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.