WASHINGTON–The CFPB has provided additional details around a data breach involving one of its employees who reportedly sent confidential records related to approximately 256,000 consumers to their personal email.
In addition, the CFPB is now saying it was aware of the massive breach for several weeks before it publicly announced it, and has said the employee involved, who has since been fired, was one of its examiners.
The employee also transferred confidential supervisory information on 45 institutions to that same personal email account, the Bureau has confirmed.
According to the Bureau, its staff notified select lawmakers last month that they learned of the breach on Feb. 14 in an email describing the situation as a “major incident.”
“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” the CFPB said in a statement. “All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information. We have referred the matter to the Office of the Inspector General, and we are taking appropriate action to address this incident.”
What Was Included
In the statement, the CFPB said the documents included two spreadsheets that contained names and transaction-specific account numbers of the tens of thousands of customer accounts at a single institution.
“The numbers are used internally by the institution, are not the consumers’ bank account numbers, and cannot be used to gain access to a consumer’s account. These two spreadsheets contained the vast majority of the impacted (personally identifiable information),” a spokesperson said.
In total, the CFPB said the information in question includes personally identifiable information of customers at seven institutions. It added that while the investigation is ongoing, there is no evidence that the confidential information was spread beyond the now-former employee’s personal email account.
Republicans Blast CFPB
Congressional Republicans, who have long been critical of the CFPB, were quick to blast the data breach.
“This breach raises concerns with how the CFPB safeguards consumers’ personally identifiable information,” House Financial Services Committee Chairman Patrick McHenry (R-NC) said. “The Committee is requesting that Director Chopra provide a briefing and the details of their internal investigation into why and how this happened. Republicans will ensure any bad actors are held accountable.”
Feeling the FOMO Fever? CUToday.info Has a Prescription
Are you missing out on the latest news in credit unions? Missing the trends and developments you need to be aware of? We can help. Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more.
And it’s free!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com