Skip to main content
close search
site logo
Dive Brief

CFPB: Staffer breached data on 256,000 consumer accounts

Published April 20, 2023
Anna Hrushka's headshot
Senior Reporter
Entrance to CFPB building
The exterior of the CFPB office in Washington, D.C., is shown. The image by Ted Eytan is licensed under CC BY-SA 2.0

Dive Brief:

  • A former Consumer Financial Protection Bureau employee forwarded confidential information on thousands of consumers to a personal email account, the agency said.
  • The CFPB, which notified lawmakers of the “major incident” last month, said the now-fired employee sent two spreadsheets containing names and transaction-specific account numbers related to roughly 256,000 consumer accounts at a single institution.
  • The bureau said it has referred the matter to the Office of the Inspector General. The CFPB did not name the individual responsible for the breach.

Dive Insight:

The CFPB, which notified lawmakers of the breach March 21, said it has not found any evidence that the confidential information was shared beyond the employee’s personal email account. 

“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” a CFPB spokesperson said of the breach, which was first reported Wednesday by The Wall Street Journal. “All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information.” 

The agency first became aware of the incident Feb. 14, people familiar with the matter told the Journal. After the incident was detected, the employee’s network access was revoked. The employee no longer works at the CFPB, the agency said.

The former employee has not complied with the CFPB’s demand to certify that the emails from his or her personal email have been deleted, according to the agency, which said it has relayed that information to the OIG.

The CFPB said the information involved in the breach includes the personally identifiable information of customers of seven institutions. The breach also involved confidential supervisory information on 45 institutions, The Wall Street Journal reported. 

Coordination and outreach are still ongoing for the remaining institutions to identify the sensitivity of the PII and assess the risk of harm to consumers, the CFPB said. The agency did not disclose the names of the affected institutions.

Republican lawmakers — including Rep. Bill Huizenga of Michigan, who leads the House Financial Services Committee’s investigations panel, and Sen. Tim Scott of South Carolina, the ranking member on the Senate Banking Committee — requested briefings by CFPB Director Rohit Chopra regarding the breach.

Scott, in a statement Wednesday, blasted the agency’s data management practices in light of recent CFPB efforts to collect consumer data on credit cards and mortgages.

“It is no secret that Director Chopra wants to collect more and more data in order to push out progressive regulations,” Scott said. “Why should the CFPB be trusted to collect more data, burdening financial institutions and potentially limiting services for consumers, when they themselves have demonstrated an irresponsible handling of consumer’s financial information?”

Editors' picks

Company Announcements

View all | Post a press release
Agent IQ and Narmi Announce Strategic Partnership to Improve Digital Banking Experiences
From Narmi
October 31, 2024
Unitus Community Credit Union Deploys JUDI.AI to Scale Small Business Lending
From JUDI.AI
October 31, 2024
WyHy Federal Credit Union Goes Digital with Narmi Account Opening
From Narmi
October 29, 2024
interface.ai Raises 30M to Expand AI-Driven Banking Solutions
From Olivia Hawthorne
October 22, 2024
Editors' picks
Latest in Regulations & Policy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell