Thousands of current and former employees at the Federal Deposit Insurance Corp. are being warned that their sensitive personal information was breached, leading to an unspecified number of fraud cases.
In letters dated last Friday, the agency told roughly 6,000 people to be "vigilant over the next 12 to 24 months" in monitoring their financial accounts and credit reports. The data that may have been improperly accessed included names, birth dates, Social Security numbers and salary information on anyone employed at the agency as of July 2002.
The agency said that in a "small number of cases," the data was used to obtain fraudulent loans from a credit union, but declined to specify how many or the credit union involved.
According to the letter, the breach occurred early last year, and it remains unclear why employees were not notified for nearly 18 months. The agency wrote that it learned of the breach only "recently," but did not explain how the breach surfaced or why it took so long to learn about it.
Nor did the letter say how the breach occurred, aside from stating that it was not the result of a computer security failure. In June 2003, the Government Accountability Office concluded that security weaknesses at the agency left some of its data vulnerable, though the report cited some improvements.
One trusts this will motivate our government to do something about this.