US govt bank insurer 'covered up China hack to protect top boss'

FDIC waited until after chairman was installed to reveal IT security horror, it is claimed

A person hiding in a box

The US Federal Deposit Insurance Corporation – a government agency tasked with safeguarding citizens' bank accounts – deliberately covered up a cyberattack by China to protect its incoming chairman.

This is according to a damning report from Republican members of the US House Committee on Science, Space and Technology, who slammed the bank insurer's handling of its IT security breaches.

The scathing dossier claims that FDIC staffers were instructed by CIO Russ Pittman to not discuss network intrusions by "a foreign government, likely the Chinese" to avoid derailing Martin Gruenberg's succession from vice-chairman to chairman of the agency. The corporation's systems were attacked in 2010, 2011 and 2013.

Gruenberg had been vice-chairman of FDIC since 2005, and was upgraded to chairman in 2012. The security breaches were disclosed to US Congress in 2013. The congressional committee claimed this was just one example of the agency, under Pittman, deliberately hiding from Congress the fact that it had been hacked.

"There was a concern that if news got out about the foreign government hack, Mr Gruenberg's confirmation to the position of chairman may be jeopardized," the report reads.

"This is one earlier example of the current pattern by the committee of concealing information from Congress."

Meanwhile, a former FDIC staffer was also described to Congress as "cooperative and non-adversarial" in handing over a storage device containing over 70,000 documents of personally identifiable information and bank records, when in fact the employee had hired an attorney to negotiate the return of the records with the FDIC.

Other claims made against the FDIC include accusations that the agency has not put adequate computer security defenses in place, and that the corporation has created a "toxic work environment" that discourages employees from report hacks.

"The Commission remains concerned about the FDIC's weak cybersecurity posture and its ability to prevent further breaches," the report reads.

"Further, the FDIC's repeated unwillingness to be open and transparent with the Comittee's investigation raises serious concerns about whether the agency is still attempting to shield information from production to Congress."

The FDIC declined to comment on the report. ®

Sponsored: Webcast: Why you need managed detection and response


Biting the hand that feeds IT © 1998–2020