256,000 Consumer Records Exposed in U.S. CFPB Data Breach

Friday, 21 April 2023

A significant data breach at the Bureau of Consumer Financial Protection (CFPB) has exposed the private data of 256,000 consumers. CFPB spokesperson Sam Gilford stated that an employee forwarded the personal information of more than a quarter of a million consumers to a personal email account. In total, the information the employee held included personally identifiable information (PII) from customers of seven different financial institutions, the Bureau said.

The employee had recently been fired, and is believed to have exfiltrated the company data in an act of retaliation. Gilford noted that the matter had been referred to the Inspector-General, who is reportedly taking appropriate action to address this incident. "The CFPB takes data privacy very seriously, and this unauthorised transfer of personal and confidential data is completely unacceptable," Gilford said. "All CFPB employees are trained in their obligations under bureau regulations and Federal law to safeguard confidential or personal information."

"This is irresponsible," said Joann Needleman, a member of the Clark Hill law firm. "I am very concerned because I represent clients who are sending the CFPB extraordinary amounts of data in response to [civil investigative demands] and during supervisions. They should be more responsible in the protection of that data."

Bill Huizenga, chair of the Financial Services Committee’s investigations panel, stated that "the transfer of records could have possibly implicated more than 50 financial institutions’ sensitive information. If these facts prove to be true, the effects could be widespread and injurious." Huizenga has requested briefings on the matter from consumer bureau director Rohit Chopra, with a deadline of April 25th.

Chopra is being asked for information pertaining to "mitigation and remediation efforts, the scale of the breach, as well as efforts made to give the appropriate notifications". This follows on from demands made by Chopra himself last year, when he ordered numerous tech giants (such as Amazon, Apple, Google, Meta, and PayPal) to provide information regarding how their customer data is safeguarded.

Ed Groshans, a senior research and policy analyst at Compass Point Research & Trading, echoes the concerns raised by the lawmakers. "This is a major black eye for the CFPB. The breach will create a significant problem for the agency in terms of its internal compliance issues and public image. These types of breaches are unacceptable, regardless of entity. There needs to be across-the-board stronger protections because identity theft is real."
