Joe Davidson reports:
In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers was breached by an employee leaving the agency.
The breach occurred in February and was outlined in an internal FDIC memorandum obtained by The Washington Post. The March 18 memo from Lawrence Gross Jr., FDIC’s chief information officer and chief privacy officer, to FDIC Chairman Martin J. Gruenberg said the data were downloaded to a personal storage device “inadvertently and without malicious intent.”
“The FDIC’s investigation does not indicate that any sensitive information has been disseminated or compromised,” the memo said.
Read more on Washington Post.
So, having done this risk assessment, did the FDIC notify customers or did they decide that there was no need for notification? It sounds like they didn’t notify consumers.