The FDIC's Processes for Responding to Breaches of Personally Identifiable Information

Citation
FDIC Office of Inspector General, The FDIC's Processes for Responding to Breaches of Personally Identifiable Information (Office of Information Technology Audits and Cyber Report No. AUD-17-006) (Sept. 2017) (full-text).

Overview
An FDIC audit found that protocols for responding to a data breach are not being followed, even as the agency has faced dozens of security incidents in the past two years. The audit stemmed from a series of data breaches at the FDIC over nearly two years, from January 2015 to December 2016. Overall the agency has confirmed or suspects that it was compromised 54 times within that time period. The Office of Inspector General selected 18 of those breaches to evaluate for the audit.