hacking

Source: AP News

It’s one of the largest banking regulatory agency’s in the U.S. government — and they didn’t want you to know the Chinese government was gaining unauthorized access to their data for years.

The Chinese government is believed to have hacked into computers at the Federal Deposit Insurance Corp. in 2010, 2011 and 2013, including the workstation of then-FDIC Chair Sheila Bair, a congressional report says.

And the FDIC tried to cover up the breaches.

The report issued Wednesday by the Republican majority staff of the House Science, Space and Technology Committee cites a May 2013 memo from the FDIC inspector general to agency Chairman Martin Gruenberg. The memo described an “advanced persistent threat,” said to have come from the Chinese government, which compromised 12 computer workstations and 10 servers at the FDIC.

In addition to those incidents, the committee staff has been investigating the FDIC’s response to a number of what it calls major data breaches at the agency and whether it is properly safeguarding consumers’ banking information.

When congressional investigators began reviewing the FDIC’s security policy, the agency tried to hide the hacks, the report says.

“FDIC’s chief information officer, Russ Pittman … ‘instructed employees not to discuss … this foreign government penetration of the FDIC’s network’,” CNN’s

FDIC spokeswoman Barbara Hagenbaugh declined to comment on the report. Gruenberg is scheduled to testify Thursday at a hearing by the committee on cybersecurity at the agency.

The issue of suspected Chinese government hacking has been sensitive since the disclosure last year of a massive breach of the U.S. Office of Personnel Management’s databases, which the U.S. believed was carried out by Chinese cyber spies. In one of the worst data breaches in U.S. history, the personal files of 21 million Americans were stolen, and the federal personnel agency came under fire for neglecting to put in basic cybersecurity protections to prevent the plunder.

The OPM breach dealt the U.S. a major national security blow, experts say, by exposing the personal information and foreign contacts of millions of people with security clearances.

Created during the Great Depression to insure bank deposits, the FDIC maintains a multibillion-dollar insurance fund. It monitors and examines the financial condition of U.S. banks, keeping confidential information on about 9,000 banks and savings and loans.

The House committee’s chairman, Republican Lamar Smith of Texas, said the staff report shows the FDIC’s “lax cybersecurity effort.” He accused the agency of trying to stonewall the committee in its investigation.

On the suspected Chinese hacking, the report says the “advanced persistent threat” compromised FDIC computers in 2010, 2011 and April 2013. “In essence, a foreign government penetrated FDIC’s computers and the workstations of high-level agency officials,” including Bair, the then-chief of staff and the then-general counsel, it says.

The agency watchdog inspector general criticized the FDIC in the 2013 memo for violating its own policies, according to the report.