WASHINGTON – U.S. House Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) and Oversight Subcommittee Chairman Ralph Abraham (R-La.) yesterday sent a letter to the Federal Deposit Insurance Corporation (FDIC) requesting information on any accountability measures taken in response to a scathing new inspector general report that found multiple failures by top leadership of the agency.

This week, the FDIC inspector general released the results of their inquiry into the agency’s multiple data breaches and concealment efforts and found “shortcomings in the performance of certain individuals in key leadership positions.” The report named the chief information officer/chief privacy officer, the director of the Office of Legislative Affairs and the former deputy general counsel. The report also found failures to inform Congress of the breaches in a timely or forthright manner as required by law and multiple failures to find and produce documents and information requested by Congress following the breaches.

The committee has been investigating the FDIC’s data security practices and its responsiveness to Congress since April 2016.

The letter reads in part:

The [Office of Inspector General (OIG)] exposed the FDIC’s poor cybersecurity posture, missteps in handling the numerous data breaches, and ultimately the cover-up agency staff engaged in when responding to congressional inquiries. This scheme went to the highest levels of the agency.

[…]

The OIG Report confirmed the Committee’s worst suspicions – there was an orchestrated plan within the FDIC to withhold information from Congress. According to the OIG Report, just three days after receiving the Committee’s letter, the Director of the Office of Legislative Affairs (OLA) “convened a meeting among FDIC personnel to discuss the response to the SST Committee letter dated April 8, 2016.” In defiance of the Committee’s constitutional oversight authority, the OLA Director determined that “FDIC would produce what it believed was necessary for the SST Committee to do its oversight work, and that if the Committee wanted more, it could come back to the FDIC and ask for it.” At the time, when it became clear the agency was not being forthcoming, several FDIC whistleblowers emerged to tell the Committee that OLA was concealing responsive documents. As additional evidence of the FDIC OLA’s deception, the OIG Report shows there were initial draft responses to the Committee that were altered to hide the fact that the agency was only providing a partial production. At best, these actions exhibit ignorance of congressional authorities; at worst, they are willful obstruction of a congressional investigation.

The full letter can be found here.

The FDIC inspector general report can be found here.

Background

  • On October 21, 2016, the committee sent a letter to the FDIC regarding another data breach involving the records of over 400 FDIC employees.
  • On July 14, 2016, Chairman Smith convened a full committee hearing with FDIC Chairman Martin Gruenberg and the FDIC Acting Inspector General Fred Gibson.
  • On July 13, 2016, the committee released a majority staff interim report on the investigation of FDIC data breaches. The committee found that FDIC repeatedly and deliberately withheld documents from the committee and schemed to avoid written records related to cybersecurity and data breaches that could be discovered by Congress. According to whistleblowers, FDIC employees also schemed to lie to committee staff in a briefing about the nature of the data breaches.
  • On June 9, 2016, the committee sent a letter to FDIC Chairman Gruenberg inquiring about the agency’s improper access to FDIC inspector general internal communications, which were transmitted to the committee as part of the FDIC’s document production.
  • On May 24, 2016, the committee sent a letter to FDIC requesting transcribed interviews of nine FDIC employees following the FDIC’s discreditable performance at the May 12, 2016, hearing, along with their obstruction and concealment of facts and documents. 
  • On May 19, 2016, the committee sent a letter to the FDIC outlining numerous inconsistencies in Mr. Gross’s testimony.
  • On May 12, 2016, the Oversight Subcommittee held a hearing on this matter with then-FDIC Chief Information Officer and Chief Privacy Office Larry Gross and FDIC Acting Inspector General Gibson.
  • On May 10, 2016, allegations of the FDIC withholding documents led to Chairman Smith writing a letter to the IG requesting all documents not produced.
  • On April 20, 2016, Chairman Smith wrote the FIDC requesting information related to other unreported breaches.
  • On April 8, 2016, the committee sent a letter to FDIC Chairman Martin Gruenberg requesting documents, information and a briefing from the agency after noticing anomalies in FDIC’s annual Federal Information Security Modernization Act of 2014 (FISMA) report.