Republicans Want Information on CFPB Data Breach
Republicans in Congress are demanding answers after a CFPB employee was found to have sent confidential agency records to their personal email account.
Bureau employee found to have sent confidential agency records to personal email account.
Republicans on Capitol Hill want CFPB officials to explain how an agency employee was able to transfer personal information about financial institution account holders to their personal computer.
“My understanding is that the transfer of records could have possibly implicated more than 50 financial institutions’ sensitive information,” Rep. Bill Huizenga, R-MI, chairman of the House Financial Services Committee Oversight and Investigations Subcommittee, wrote in a letter to CFPB Director Rohit Chopra. “If these facts prove to be true, the effects could be widespread and injurious.”
The CFPB confirmed that a now-former employee was found to have sent confidential agency records to their personal email account.
What Information Was Leaked?
The documents, which the employee had authorized access to in the course of their work, included two spreadsheets containing names and transaction-specific account numbers related to roughly 256,000 consumer accounts at a single institution. The data did not contain consumer bank accounts.
The agency said a smaller amount of information involving seven additional financial institutions also was sent to the former employee’s computer.
After the incident was detected, the employee’s network access was revoked and they no longer are employed at the agency, CFPB officials said. The bureau has also directed the now-former employee to delete the information and attest that they had done so. The individual has not complied with that demand and the case has been referred to the agency’s Office of Inspector General. The agency said that Congress and other federal regulators also had been informed.
“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” an agency spokesperson said. “All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information.”
Senate Banking Committee ranking Republican Sen. Tim Scott, R-S.C., said the breach is particularly serious considering recent actions by the bureau.
“Since your agency became aware of the data breach, the CFPB has finalized an additional rule involving the vast collection of small business lending data on credit products, including term loans, lines of credit, credit cards, merchant cash advances, and even personally identifiable information like race, ethnicity, and sex,” he wrote in a letter to Chopra. “This is highly concerning given that the CFPB has provided limited insight to Congress into the CFPB’s data management practices and efforts to ensure the privacy of consumer and small business data.”