FDIC Employees victims of Identity Theft

June 16, 2005

Personal data including Social Security numbers on nearly 6,000 current and former Federal Deposit Insurance Corporation (FDIC) employees was stolen in early 2004. The stolen data included names, birthdays, salaries, Social Security numbers and length of service information of all FDIC employees that were in an official pay status since July 2002. There are about 5,200 current workers. Some of the data has already been used for fraudulent purposes.

An FDIC spokeswoman said that the agency first found out about the stolen data on March 30 when the agency's inspector general notified the agency that former FDIC employees were victims of apparent fraud. The next day, employees affected by the fraud were notified and it was not until June 9 that the extent of the stolen data was discovered.

In May, the Government Accountability Office stated that while the FDIC had improved weaknesses in its cybersecurity controls, it had yet to establish a comprehensive security management program. In previous audits of the agency's cybersecurity standards, GAO found the agency severely deficient. The letter states that the loss of data was not the result of a failure of the agency's cybersecurity programs and that the agency is taking steps to make sure this does not happen again. According to an FDIC source, the data was culled from a stolen paper copy of the employee information and no electronic hacking occurred.

In the letter, Arleas Upton Kea, the administration division director, encouraged all employees potentially affected by the security breach to obtain full credit reports from the three major credit bureaus. "You should remain vigilant over the next 12 to 24 months and promptly report incidents of suspected identity theft to the local police and the credit bureaus," Kea wrote.

Back to Alerts
Card-Fraud.com