WASHINGTON – The Committee on Science, Space, and Technology today held a hearing titled Evaluating FDIC’s Response to Major Data Breaches: Is the FDIC Safeguarding Consumers’ Banking Information? Mr. Martin Gruenberg, chairman, Federal Deposit Insurance Corporation (FDIC), and Mr. Fred Gibson, acting inspector general, FDIC testified at today’s hearing.
During his line of questioning, Rep. Gary Palmer (R-Ala.) presented part of a transcript from the committee’s transcribed interview with an FDIC employee. The transcript confirmed that FDIC staff knew a malicious outside party penetrated the FDIC network in 2010 and 2011. In a politically driven maneuver by FDIC employees, the transcript also confirmed that FDIC employees purposely avoided taking the correct course of action to remedy the situation because, “We can’t do anything to jeopardize the [then-unconfirmed] chairman getting [a Senate approved position].”
Chairman Gruenberg was confirmed by the Senate in November 2012 for a five year term. He testified today that he was unaware of his staff’s intent to cover up cyber breaches in an effort to secure his position.
Chairman Gruenberg also confirmed he was unsure of the existence of an FDIC employee handbook. In response, Rep. Palmer suggested a new policy to include in such a handbook: FDIC employees cannot take anything with them when they terminate employment.
Click here to watch Rep. Palmer’s questioning.
Rep. Palmer: I find it interesting that some at the FDIC thought your appointment was more important than taking immediate action to protect almost 31,000 banks and 161,000 individuals…It’s as though these banks and their depositers and customers were acceptable losses - collateral damage - to ensure that there would be no obstacles to your confirmation. That concerns me. That is indicative of some political calculations within the FDIC that, in my opinion, are totally inappropriate.
Oversight Subcommittee Chairman Barry Loudermilk (R-Ga.) followed up, voicing his concern that Chairman Gruenberg’s inability to answer questions as to whether the FDIC has an employee handbook, as well as Chairman Gruenberg’s apparent lack of preparation across the board, may indicate that Chairman Gruenberg does not take seriously the breaches in question.
Click here to watch Chairman Loudermilk’s comments.
Rep. Darin LaHood (R-Ill.) raised concerns about the FDIC’s legal department instructing employees not to discuss matters relating to cybersecurity breaches over email in an effort to limit exposure to congressional oversight and FOIA requests. In a transcribed interview, an FDIC employee stated employees were instructed not to “discuss deliberations over the applicability or implications of OMB 16 03 in email.” Despite having known about the legal department’s actions for weeks, Chairman Gruenberg stated he has not yet taken any action to remedy the situation. This is yet another example of the FDIC’s attempt to evade congressional oversight and its lack of transparency and accountability.
Click here to watch Rep. LaHood’s questioning.
For more information about today’s hearing, including witness testimony and the archived webcast, please visit the Committee’s website.