A US bank regulator, now retired, who downloaded large amount of data on two thumb drives says that he lost them. The Office of the Comptroller of the Currency, which is part of the Department of Treasury, says that this is a “a major information security incident.” The specifics on the data lost hasn’t been disclosed, but it involved “controlled unclassified information, including privacy information.” The agency discovered this loss by conducting a review on all information downloaded to removable media back in September. This issue would have been avoided if there was a policy in place that restricting data to be downloaded to devices, like most companies are doing now.
Link to article: http://www.csoonline.com/article/3137005/security/lost-thumb-drives-bedevil-us-banking-agency.html
Data breaches like this is very worrisome. Although the OCC reported that there hasn’t been any impact yet, it doesn’t mean you are safe. The thumb drive was also encrypted but it doesn’t mean that it can’t be cracked. Data is loss and unaccounted for still poses a risk, even if it takes a couple years for it to resurface. We’ve seen this Yahoo!, where email address and passwords were stolen 4 years only to resurface and adversely affect their deal with Verizon.
The main problem I felt that why the auditing of logs for data being transferred is done in 2 years.This process should have been done more frequently.If this auditing was done in 6 months there was chances of tracking the person more fast.Its hard to figure out whether the data was not or will not be used for any malpractice.