US bank authority warns of data breach that took 10,000 records

A former staffer grabbed the files while leaving his job in late 2015.

Reuters/Gary Cameron

Government data breaches aren't always the work of foreign intruders or even disgruntled employees. Sometimes, it's a staffer who simply isn't security-conscious. The US' Office of the Comptroller of the Currency has revealed that a worker took over 10,000 activity and staff records with him sometime in November 2015, shortly before he retired. The unnamed worker copied a "large number" of files to two thumb drives and, when asked about the data, couldn't find the drives to give them back.

While treated as a "major" event, the practical risk to the government isn't high. The data was encrypted precisely to prevent damage from a loss like this, and there's no indication that any controlled or private info has fallen into the wrong hands.

More than anything, the issue is that the OCC let this data leave in the first place. The agency implemented a policy in August 2016 that bars employees from transferring data to removable storage without a supervisor's approval, but it came too late to catch the thumb drive episode. Also, there's a chance that this isn't the only breach. Investigators spotted the data transfer on September 1st, or shortly into a retrospective review of file transfers that remains underway. It's too soon to know if this was a one-off event or a sign of additional problems. Either way, it's not good news for a government that's still trying to mend its security.