While treated as a "major" event, the practical risk to the government isn't high. The data was encrypted precisely to prevent damage from a loss like this, and there's no indication that any controlled or private info has fallen into the wrong hands.

More than anything, the issue is that the OCC let this data leave in the first place. The agency implemented a policy in August 2016 that bars employees from transferring data to removable storage without a supervisor's approval, but it came too late to catch the thumb drive episode. Also, there's a chance that this isn't the only breach. Investigators spotted the data transfer on September 1st, or shortly into a retrospective review of file transfers that remains underway. It's too soon to know if this was a one-off event or a sign of additional problems. Either way, it's not good news for a government that's still trying to mend its security.