The Office of the Comptroller of the Currency notified Congress, along with other federal agencies, that the employee downloaded the information onto two thumb drives prior to his retirement last year.
“The downloads occurred in November 2015 and were first detected on September 1, 2016, during an OCC-initiated retrospective review of employee downloads to removable media that occurred over the last two years,” the OCC said in a news release.
When contacted by the OCC, the former employee was unable to locate or return the drives, the release said.
The agency said that there was no evidence to suggest any non-public information had been disclosed “or misused in any way.”
“The information on the two thumb drives was encrypted based on OCC policy to prevent information that is lost or stolen from being misused,” the agency said.
However, the OCC said the breach met the government’s criteria for a “major incident” because it involved “controlled unclassified information, including privacy information,” and because the devices containing the breached records aren’t recoverable.
The OCC said the review that discovered the breach is still ongoing.
“Should the OCC’s continued review identify additional such incidents, the agency will report them as appropriate,” the agency said.
The top US banking regulator has revealed that a former employee downloaded more than 10,000 agency records without authorization – and the agency hasn’t been able to recover the data.