Short bio: Computer Scientist, FOSS supporter (read more)
Tux Machines (TM)-specific
In a letter to current and former FDIC workers obtained by GCN, Arleas Upton Kea, director of the agency's administration division, said that in early 2004 someone accessed current and former employee personal data without authorization. That data includes name, date of birth, salary, Social Security number and length of service.
Officials discovered the problem in March and sent letters to those affected. In the subsequent investigation, the FBI found that data of all FDIC employees and former employees has been stolen. The FBI, which would not comment on the investigation, alerted FDIC June 9, and Kea sent the letter June 10.
FDIC's inspector general also is investigating the crime. "The case still is under investigation," said a FDIC spokesperson. "There is not a lot we can say at this point."
The spokesperson confirmed that no one hacked into the agency's system but wouldn't say how the data was stolen except that it was not similar to the Bank of America situation in February. Bank of America lost back-up tapes containing data on 1.2 million federal employees.
FDIC is asking former and current employees to check their credit reports over the next 12 to 24 months for suspicious activity.
News of FDIC's security breach comes as Congress is considering a number of laws that would require immediate notification when personal data is lost. Sen. Dianne Feinstein (D-Calif.), a sponsor of one of those bills, testified yesterday before the Senate Commerce Committee.
Feinstein told the committee that "data breaches and identity theft [are] national problems that require a federal solution. One strong notification standard is what we need, not a patchwork of state laws like we are beginning to see in California, Arkansas, Georgia, Indiana, Montana, North Dakota and Washington state."
The senator's bill would require federal agencies and private-sector companies to notify individuals "without unreasonable delay" if their personal data is lost or stolen, unless law-enforcement officials say it would impede their investigation.
Along with Feinstein, Sen. Charles Schumer (D-N.Y.) and Rep. Ed Markey (D-Mass.) are among those who have introduced identity theft bills over the past few months.