An employee of the Consumer Financial Protection Bureau (CFPB) made unauthorized transfers of confidential data relating to 256,000 consumers to a personal email account, the bureau has revealed.
The CFPB found personally identifiable information relating to customers of seven institutions that had been forwarded by a staffer—who is no longer employed at the CFPB. The same staffer also accessed information that included names and transaction-specific account numbers related to about 256,000 consumer accounts at one institution.
The CFPB informed the House Committee on Financial Services about the breach in March, informing lawmakers that the breached data contained personally identifiable information (PII) as well as confidential supervisory information (CSI).
An investigation of the data breach is ongoing and the CFPB has referred the matter to a federal inspector general, who oversees investigations of the CFPB and the Board of Governors for the Federal Reserve System.
“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable. All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information,” a CFPB spokesperson said in a statement. “We have referred the matter to the Office of the Inspector General, and we are taking appropriate action to address this incident.”
NTD News reached out to the CFPB for more information about the breach, but the bureau did not respond before this article was published.
Republicans Demand Answers
In his Tuesday letter, Huizenga called for Chopra to brief the House Financial Oversight Committee about the CFPB data breach by April 25.“It is no secret that Director Chopra wants to collect more and more data in order to push out progressive regulations,” Scott added. “Why should the CFPB be trusted to collect more data, burdening financial institutions and potentially limiting services for consumers, when they themselves have demonstrated an irresponsible handling of consumer’s financial information?”
“The CFPB followed protocols by notifying relevant committees of the breach,” Brown’s spokesperson said. “This matter has been referred to the Office of Inspector General. However, the CFPB has taken every step required of the agency, and any wrongdoers must be held accountable for misconduct.”
The CFPB has been the subject of controversy since its founding. Several lawsuits have challenged the constitutionality of how the CFPB is organized, and a U.S. appeals court ruled in October that the bureau’s funding model violates the U.S. Constitution’s Appropriations Clause. The CFPB, which exists under the auspices of the executive branch, was designed to be funded through the Federal Reserve, as opposed to the periodic congressional appropriations that fund other government agencies.