The US banking regulator found that a former employee had downloaded a significant number of files onto thumb drives before his departure, and it informed Congress of a possible major information security incident.
The Office of the Comptroller of the Currency says there is no evidence that the former employee misused or publicly released the data.
The banking regulator confirmed that the ex-employee downloaded a substantial number of files onto two removable thumb drives; the pilfered data was encrypted.
The Office of the Comptroller of the Currency says the security breach was discovered only last month, following a standard security examination.
TPRM report: https://scoringcyber.rankiteo.com/company/office-of-the-comptroller-of-the-currency
{
  "id": "off045131123",
  "linkid": "office-of-the-comptroller-of-the-currency",
  "type": "Data Leak",
  "date": "11/2016",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Banking Regulation',
'location': 'United States',
'name': 'Office of the Comptroller of the Currency '
'(OCC)',
'size': 'Unknown',
'type': 'Government Agency'}],
'attack_vector': 'Insider Threat',
'customer_advisories': 'Unknown',
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'file_types_exposed': 'Unknown',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Unknown',
'sensitivity_of_data': 'Unknown',
'type_of_data_compromised': 'Unknown'},
'date_detected': 'Unknown',
'date_publicly_disclosed': 'Unknown',
'date_resolved': 'Unknown',
'description': 'The Office of the Comptroller of the Currency (OCC) '
'discovered that a former employee had downloaded a '
'significant amount of files onto thumb drives before '
'departure, potentially resulting in a major information '
'security incident.',
'impact': {'brand_reputation_impact': 'Unknown',
'conversion_rate_impact': 'Unknown',
'customer_complaints': 'Unknown',
'data_compromised': 'Unknown',
'downtime': 'Unknown',
'financial_loss': 'Unknown',
'identity_theft_risk': 'Unknown',
'legal_liabilities': 'Unknown',
'operational_impact': 'Unknown',
'payment_information_risk': 'Unknown',
'revenue_loss': 'Unknown',
'systems_affected': 'Unknown'},
'initial_access_broker': {'backdoors_established': 'Unknown',
'data_sold_on_dark_web': 'Unknown',
'entry_point': 'Unknown',
'high_value_targets': 'Unknown',
'reconnaissance_period': 'Unknown'},
'investigation_status': 'Unknown',
'lessons_learned': 'Unknown',
'motivation': 'Unknown',
'post_incident_analysis': {'corrective_actions': 'Unknown',
'root_causes': 'Unknown'},
'ransomware': {'data_encryption': 'Unknown',
'data_exfiltration': 'Unknown',
'ransom_demanded': 'Unknown',
'ransom_paid': 'Unknown',
'ransomware_strain': 'Unknown'},
'recommendations': 'Unknown',
'references': [{'date_accessed': 'Unknown',
'source': 'Unknown',
'url': 'Unknown'}],
'regulatory_compliance': {'fines_imposed': 'Unknown',
'legal_actions': 'Unknown',
'regulations_violated': 'Unknown',
'regulatory_notifications': 'Unknown'},
'response': {'adaptive_behavioral_waf': 'Unknown',
'communication_strategy': 'Unknown',
'containment_measures': 'Unknown',
'enhanced_monitoring': 'Unknown',
'incident_response_plan_activated': 'Unknown',
'law_enforcement_notified': 'Unknown',
'network_segmentation': 'Unknown',
'on_demand_scrubbing_services': 'Unknown',
'recovery_measures': 'Unknown',
'remediation_measures': 'Unknown',
'third_party_assistance': 'Unknown'},
'stakeholder_advisories': 'Unknown',
'threat_actor': 'Former Employee',
'title': 'Data Exfiltration by Former Employee at US Banking Regulator',
'type': 'Data Exfiltration',
'vulnerability_exploited': 'Unauthorized Data Access'}