Menu
Browse

Cyber Incident Victim: Federal Deposit Insurance Corporation

Date:

Jan 2010

Location:

United States of America

Summary

The Federal Deposit Insurance Corporation experienced multiple cybersecurity breaches, including a series of intrusions attributed to Chinese hackers who installed backdoor malware on critical systems, compromising workstations of senior executives. These incidents were concealed from authorities and only uncovered during an investigation into a separate major data leak involving departing employees who copied sensitive customer data—including Social Security numbers and bank records—onto USB drives. The agency failed to report several breaches promptly, with leadership accused of misleading auditors, suppressing disclosures to avoid political repercussions, and fostering inadequate security practices. Over 160,000 individuals' personal information was exposed across these incidents, prompting eventual credit monitoring offers. Senior IT officials were implicated in creating a toxic workplace environment and resisting security improvements while permitting widespread use of portable storage devices.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

Between 2010 and 2013, the Federal Deposit Insurance Corporation experienced multiple cybersecurity breaches attributed to hackers purportedly operating from China. Attackers compromised 12 employee workstations and 10 servers through backdoor malware installations, including devices belonging to the FDIC Chairman, Chief of Staff, and General Counsel. These incidents met the threshold of 'advanced persistent threat' attacks but were never reported to US-CERT or other authorities as required by agency policies. The breaches remained concealed until a 2015 Inspector General investigation into unrelated data leaks exposed the pattern of non-disclosure. Former FDIC Chief Information Officer Russ Pittman misled auditors about the scope of these intrusions and instructed staff not to discuss foreign government involvement, allegedly to protect Chairman Martin Gruenberg's confirmation prospects.

Cyber Incident Image

Additional security failures emerged through a cascade of insider breaches between 2015-2016. On October 23, 2015, FDIC security staff detected a former Gainesville, Florida field office employee had copied over 1,200 documents containing Social Security numbers for 44,000 individuals and 30,715 banks onto a USB drive before departure. Despite intercepting the employee, data recovery didn't occur until March 2016, with the agency relying solely on the individual's sworn affidavit that information wasn't disseminated. A September 2015 incident involved a New York employee exfiltrating 30,000 Social Security numbers via USB drive, classified as a 'major' breach but only disclosed in an annual FISMA report. Another February 2016 breach saw a Texas employee download 44,000 records 'without malicious intent.' FDIC leadership initially underreported impact figures to Congress, claiming only 10,000 affected individuals before retroactively reporting five additional major breaches in May 2016. The cumulative leaks compromised data for over 160,000 individuals, with credit monitoring services belatedly offered after Congressional hearings. CIO Lawrence Gross faced allegations of creating a 'toxic workplace' that hindered security improvements, maintaining policies allowing 50% of employees USB access while pushing a $3 million laptop procurement initiative as a security measure.

Sources
Sources available to members
1 source