Ex-CFPB worker sent data on 250,000 people to personal email account

A Consumer Financial Protection Bureau employee was fired after sending confidential consumer data on roughly 256,000 people to their personal email account in what the agency described as a “major incident.” 

The data — which the CFPB says the former employee had authorized access to — included personally identifiable information, such as names and transaction-specific account numbers, of consumers of seven institutions. 

The CFPB did not name the institutions used by customers impacted by the breach.

The bulk of the material was contained in two spreadsheets that the staffer forwarded to a personal email account, according to the agency. In total, the staffer sent themselves 65 emails.

CFPB noted that the account numbers in the spreadsheets are used internally by the agency and are not bank account numbers and cannot be used to gain access to a consumer’s account. 

The CFPB says the employee was fired after the incident was discovered in February.
REUTERS

The Wall Street Journal reported that bureau officials became aware of the potentially inappropriate use of a personal email account on Feb. 14, and the agency notified lawmakers about the incident on March 21.

The agency says it fired the employee after the incident was detected. 

“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” a spokesperson for the agency said in a statement provided to The Post.  

“All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information. We have referred the matter to the Office of the Inspector General, and we are taking appropriate action to address this incident,” the spokesperson added. 

The CFPB says it has found no evidence that indicates that the staffer further disseminated the confidential data after it was sent to their personal email account.

But the former employee has refused to provide evidence to the agency that proves material has been deleted. 


Data
The data of roughly 256,000 people was compromised in the breach.
REUTERS

“This breach raises concerns with how the CFPB safeguards consumers’ personally identifiable information,” Rep. Patrick McHenry (R-NC), chairman of the House Financial Services Committee, told the Wall Street Journal on Wednesday.

Rep. Bill Huizenga (R-Mich.), the chairman of the Oversight and Investigations Subcommittee for the House Committee on Financial Services, sent a letter to CFPB Director Rohit Chopra on Tuesday with concerns that the effects of the breach “could be widespread and injurious.”

“Many questions remain unanswered,” Huizenga wrote. “To better understand the mitigation and remediation efforts, the scale of the breach, as well as efforts made to give the appropriate notifications, please provide a briefing to Committee staff as soon as possible but no later than April 25, 2023.”

Read the full article Here

Leave a Reply

Your email address will not be published. Required fields are marked *

DON’T MISS OUT!
Subscribe To Newsletter
Be the first to get latest updates and exclusive content straight to your email inbox.
Stay Updated
Give it a try, you can unsubscribe anytime.
close-link