The Office of Comptroller of Currency (OCC) last week disclosed a major data security breach  involving a former agency employee’s unauthorized removal of more than 10,000 records. The breach was detected in September while the agency was undertaking a retrospective two-year review of employees downloading information in an effort to help minimize cyberthreats.

The breach occurred in November 2015 when a former employee downloaded a large number of files onto two thumb drives before retiring from the agency. The OCC said data on the thumb drives were encrypted and there is no evidence that data taken by the employee were “disclosed” or “misused.” The report disclosed that the files included information “related to OCC activities and employees.”

The incident was categorized was a “major incident,” involving more than 10,000 records and potentially exposing personal information. Government agencies are required to report all “major incidents” to Congress; this is the first time the OCC has done so. The OCC said the data breach hasn’t “adversely affected” the agency’s internal operations.

Now maybe this retired employee downloaded his photos from his drive or documents or contact information and it was completely innocent…but what if it was more than that?

Does your company still allow the use of thumb drives? If so, why????? The risks of thumb drives which includes the introduction of malware and the ease of removing files seems like a good enough reason not to allow them.