The Chinese government is believed to have hacked into computers at the Federal Deposit Insurance Corp. in 2010, 2011 and 2013, including the workstation of then-FDIC Chair Sheila Bair, a congressional report says.
The report issued Wednesday by the Republican majority staff of the House Science, Space and Technology Committee cites a May 2013 memo from the FDIC inspector general to agency Chairman Martin Gruenberg. The memo described an “advanced persistent threat,” said to have come from the Chinese government, which compromised 12 computer workstations and 10 servers at the FDIC.
In addition to those incidents, the committee staff has been investigating the FDIC’s response to a number of what it calls major data breaches at the agency and whether it is properly safeguarding consumers’ banking information.
FDIC spokeswoman Barbara Hagenbaugh declined to comment on the report. Gruenberg is scheduled to testify Thursday at a hearing by the committee on cybersecurity at the agency.
Zhu Haiquan, the spokesman at the Chinese Embassy in Washington, said he didn’t have detailed information on the report’s findings. “China firmly opposes and is committed to combatting all forms of cybercrimes,” Haiquan said in a statement. “China and the United States have already established a high-level joint dialogue mechanism on fighting cybercrime and related issues. This is the best channel for both sides to address this challenge. Making unfounded accusations is counterproductive.”
A Major National Security Blow
The issue of suspected Chinese government hacking has been sensitive since the disclosure last year of a massive breach of the US Office of Personnel Management’s databases, which the US believed was carried out by Chinese cyber spies. In one of the worst data breaches in US history, the personal files of 21 million Americans were stolen, and the federal personnel agency came under fire for neglecting to put in basic cybersecurity protections to prevent the plunder.
The OPM breach dealt the US a major national security blow, experts say, by exposing the personal information and foreign contacts of millions of people with security clearances.
Chinese and US officials held talks last month in Beijing to bridge differences on cybersecurity amid complaints over China-based hacking operations that the US says may already have cost US companies tens of billions of dollars. US officials have been especially eager to build on an agreement forged during Chinese President Xi Jinping’s visit to Washington last September under which neither government will support commercial cyber-theft.
Created during the Great Depression to insure bank deposits, the FDIC maintains a multibillion-dollar insurance fund. It monitors and examines the financial condition of US banks, keeping confidential information on about 9,000 banks and savings and loans.
The House committee’s chairman, Republican Lamar Smith of Texas, said the staff report shows the FDIC’s “lax cybersecurity effort.” He accused the agency of trying to stonewall the committee in its investigation.
Regarding the suspected Chinese hacking, the report says the “advanced persistent threat” compromised FDIC computers in 2010, 2011 and April 2013. “In essence, a foreign government penetrated FDIC’s computers and the workstations of high-level agency officials,” including Bair, the then-chief of staff and the then-general counsel, it says.
The agency's watchdog, the inspector general, criticized the FDIC in the 2013 memo for violating its own policies, according to the report.