The Office of the Comptroller of the Currency has reported to Congress a major incident involving thousands of controlled records.
A former OCC employee downloaded a large number of OCC files onto two removable thumb drives prior to his retirement.
The downloads took place in November 2015, though the banking regulator didn’t become aware of them until September 2016.
According to an announcement Friday from the OCC, it initiated in August a
retrospective review of employee downloads to removable media that occurred over the last two years.
The review, which is still underway, identified a significant change in download patterns by the employee during the week prior to his retirement.
When the former employee was contacted, he was unable to locate or return the thumb drives to the agency.
The matter was referred to the Treasury Department’s Office of Inspector General for investigation and to its Core Management Group for review. In addition, Congress has been notified.
“Based on the CMG’s review of the incident and using information from the Treasury OIG, the agency concluded on Oct. 27, 2016, that the event met OMB criteria of a major incident because it involved controlled unclassified information, including privacy information; the devices containing the information are not recoverable; and the incident involved the unauthorized removal of more than 10,000 records,” the statement said.
Still, the OCC noted that
there is no evidence to suggest that any non-public information, including any personally identifiable information or controlled unclassified information, has been disclosed to any member of the public or misused in any way based on currently available information.
In addition, the information on the two drives was encrypted based on OCC policy to prevent information that is lost or stolen from being misused.