WASHINGTON — A retired Office of the Comptroller of the Currency employee left last year with more than 10,000 sensitive records uploaded to two thumb drives, the agency revealed on Friday.
The incident happened in November 2015, the OCC said in a public statement, but was only detected in early September during a review of employee downloads.
During the review, the OCC found "significant change in download patterns" for that employee. After being contacted, the employee "was unable to locate or return" the thumb drives, the agency said.
The sensitivity of the data in question is unclear. On the one hand, the OCC categorized the incident as a "major" cybersecurity event, which required notification to the Office of Management and Budget, Congress and other government entities.
But the agency also said the data involved "controlled unclassified information."
The OCC said there was "no evidence" that personally identifiable or classified information was taken. The OCC also said the incident has not led to any disruption of the OCC's systems.
In recent months, at least nine similar incidents at the Federal Deposit Insurance Corp. have been brought to light, sparking a congressional probe into the agency's response and disclosures to lawmakers.