FDIC's Gruenberg Called to Capitol Hill Over Cyber Breaches

WASHINGTON — Federal Deposit Insurance Corp. Chairman Martin Gruenberg has been called to testify on recent cybersecurity breaches in front of a House committee this month. He is set to be replaced at the hearing by FDIC Chief Information Officer Lawrence Gross.

According to an April 27 summons from the House Committee on Science, Space and Technology obtained by American Banker, Gruenberg was asked to discuss a February incident in which a departing employee took data on roughly 44,000 former bank customers. But Committee staff confirmed that Gruenberg would not attend. Gross and the FDIC's Inspector General, Fred Gibson, are set to testify.

The committee "wants to ensure that the FDIC is taking appropriate action to mitigate the risks posed by the security incident, as well as any cybersecurity risks," the letter said. Gruenberg is scheduled to testify on May 12.

The breach, first reported by the Washington Post, took place Feb. 26, when the employee took away the information on a portable media device. After the agency found out, the employee returned the data on March 1, an FDIC spokeswoman said.

The incident was reported to the Committee on March 18, according to the letter. It was classified as a "major" security breach based on Office of Management and Budget guidelines by the Committee, and led to a congressional investigation into the breach.

FDIC spokeswoman Julianne Breitbeil told American Banker last month that it was reported to Congress "out of an abundance of caution."

The FDIC also suffered a breach in October in which a departing employee took away data on a portable media device that included about 10,000 Social Security numbers, according to an April 20 letter from the Committee .

The FDIC took several months to label the October breach as a "major" incident and to report it to Congress on Feb 26.

Committee Chairman Lamar Smith, R-Texas, found the two incidents "strikingly similar," he said in the earlier letter.

"The FDIC's apparent hesitation to inform Congress of the security incident not only raises concerns about the agency's willingness to be transparent and forthcoming with Congress, but raises further questions about whether additional information stored in FDIC systems has been compromised without being brought to the attention of Congress," he added.

The House Committee on Science, Space and Technology requested that Chairman Gruenberg testify at the hearing in an April 27 letter, but Committee staff later confirmed that he will not testify. FDIC ‎Chief Information Officer Lawrence Gross is scheduled to testify in his stead.

For reprint and licensing requests for this article, click here.
Law and regulation Cyber security Bank technology Data breaches
MORE FROM AMERICAN BANKER