WASHINGTON — A 2010 cyberattack targeting the Federal Deposit Insurance Corp. — believed to have originated in China — is reportedly the subject of an FBI investigation.
The Reuters news agency, citing anonymous sources, reported Friday that the FBI was probing the attack that is believed to be connected to China's military.
China's alleged involvement in hacking the agency was disclosed in May by Rep. Barry Loudermilk, R-Ga., following a House Science Committee hearing on a series of FDIC data breaches that had sparked scrutiny of the bank regulator's security practices. That revelation pointed to an attack said to have started in October 2010, continued for at least a year, and infected the workstations of then-FDIC Chairman Sheila Bair and other top agency officials.
The banking agency's cybersecurity practices have been in the spotlight over the past year following the revelations of numerous data breaches, including incidents where former FDIC employees had downloaded sensitive data to a thumb drive. The breaches led to strong criticism by GOP lawmakers of the FDIC's cybersecurity practices.
In a statement Friday, an FDIC spokeswoman said the agency had taken "immediate steps to remediate" the advanced persistent threat related to the 2010 hacking incident. That included hiring a third-party cybersecurity consulting firm to confirm that the threat had been remediated.
"Cybersecurity is a top priority for the FDIC and we are continuing to take steps to enhance our cybersecurity program," the spokeswoman said.
In August, the FDIC outlined a series of new data protection steps, including expansion of multifactor authentication; a ban on downloading data to thumb drives and other removable media; and controls on documents sent to a printer. The FDIC also said it planned to join Einstein, a Department of Homeland Security data monitoring program for federal agencies.