The Federal Deposit Insurance Corporation misled its congressional overseers about the seriousness of eight information security breaches during late 2015 and early 2016, according to an inspector general report and congressional letter.
The breaches all stemmed from employees who left the FDIC during that period and improperly took information with them. Seven of them took personally identifiable information, including Social Security numbers; the eighth took sensitive information about financial institutions.
In total, the breaches affected more than 10,000 individuals or records. During the succeeding months, the FDIC delayed notifying Congress about the breaches and downplayed their seriousness.
The letter from the House Science Committee demands to know who at FDIC has been held accountable for the failures, what their punishment was, and how the agency is implementing IG recommendations.