The Consumer Financial Protection Bureau has reported a data breach that impacted more than 250,000 consumers.
The Feb. 14 breach was reported in an April 19 Wall Street Journal article. Media reports indicated that a CFPB employee who has since left the agency forwarded to a personal email account personal information on 256,000 consumers and confidential supervisory information on 45 financial institutions.
A CFPB spokesperson told the newspaper that there was no evidence that the employee had shared the data with anyone else and that the information could not have been used to access consumer bank accounts. The CFPB reportedly asked the former employee to delete the emails and provide confirmation, but the person did not comply.
“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” an agency spokesperson said in an emailed statement to PYMNTS. “All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information. We have referred the matter to the Office of the Inspector General, and we are taking appropriate action to address this incident.”
The breach has sparked requests for more information from top Republicans who say more review is needed after the CFPB finalized small business data collection and reporting requirements under Section 1071. In an April 19 letter to CFPB Director Rohit Chopra, U.S. Senate Banking Committee Ranking Member Tim Scott (R-S.C.) requested a May 8 briefing on the content of the data taken from the system; any remediation work done to address the breach; and data privacy practices and changes to address privacy concerns in the wake of the incident.