WASHINGTON – U.S. House Science, Space, and Technology Committee today released an interim staff report with preliminary findings from the committee’s investigation of major data breaches at the Federal Deposit Insurance Corporation (FDIC).
Chairman Lamar Smith (R-Texas): “The committee’s interim report sheds light on the FDIC’s lax cybersecurity efforts. The FDIC’s intent to evade congressional oversight is a serious offense. Major improvements need to be made to the FDIC’s cybersecurity mechanisms.
“The committee’s investigation is ongoing. We will continue to work towards increasing transparency at the agency and hold the FDIC accountable. Americans should be able to trust the agency with their sensitive banking information. The committee looks forward to hearing explanations from the FDIC Chairman tomorrow and what changes he plans to make.”
The committee found that Chief Information Officer (CIO) Larry Gross has engaged in mismanagement, misled Congress, and retaliated against whistleblowers. He has fostered a hostile work environment. It is also clear that the FDIC deliberately evaded congressional oversight. In addition, the committee found the FDIC has historically experienced deficiencies related to its cybersecurity posture, and those deficiencies continue to the present.
The report comes during a lengthy investigation that included holding one hearing, conducting seven transcribed interviews of FDIC employees, and reviewing approximately 15,000 documents produced by the agency, the FDIC Inspector General (IG), and whistleblowers.
Tomorrow the committee will hold a full committee hearing to examine FDIC’s cybersecurity posture, prior congressional testimony by FDIC officials, and the agency’s response to the committee’s investigation. FDIC Chairman Martin Gruenberg and Acting Inspector General Fred Gibson will testify.
The full report can be found here.
Background:
On April 8, Chairman Smith sent a letter to FDIC Chairman Martin Gruenberg requesting documents, information, and a briefing from the agency after noticing anomalies in FDIC’s annual FISMA report.
On April 20, Chairman Smith wrote the FIDC requesting information related to other unreported breaches.
On May 10, allegations of the FDIC withholding documents led to Chairman Smith to write a letter to the IG requesting all documents not produced.
On May 12, the Oversight Subcommittee held a hearing on this matter.
On May 19, Chairmen Smith and Loudermilk sent a letter to the FDIC outlining numerous inconsistencies in CIO Larry Gross’s testimony.
On May 24, Chairmen Smith and Loudermilk sent a letter to FDIC requesting transcribed interviews of nine FDIC employees following the FDIC’s discreditable performance at the May 12 hearing, along with their obstruction and concealment of facts and documents.