A major data breach at the Consumer Financial Protection Bureau (CFPB) that exposed the information of more than 250,000 consumers earlier this year has sparked pushback from a think tank looking to hold the watchdog accountable.
The CFPB learned of the breach in February, which involved an agency employee sending spreadsheets with names and transaction-related numbers for the accounts of about 256,000 consumers at one institution, as well as confidential supervisory information for more than 40 financial institutions, to her personal email account. The staffer no longer works for the CFPB, and the agency referred the matter to its inspector general, who is investigating.
In response to the breach, the Southwest Public Policy Institute (SPPI) is launching a campaign called the Bureau to Protect Financial Consumers, which bills its mission as “protecting American consumers from the Consumer Financial Protection Bureau.”
Patrick Brenner, founder and president of the Southwest Public Policy Institute, told FOX Business that the campaign aims to gather the stories of consumers who were impacted by the CFPB breach: “We would like individuals to come to us to tell their stories so that we can combine all of these stories into an appropriate narrative that we can convey to the American public at large as an accountability mechanism to hold the CFPB accountable and ensure that such a circumstance never occurs again.”
SUPREME COURT TAKES UP CASE THAT COULD DETERMINE CFPB’S FATE
“I think that the CFPB has been mismanaging this entire fiasco right out of the gate, and that is such a disservice to the American consumer that they’re tasked with protecting,” Brenner said. He suggested that consumers who were notified by the CFPB that their information was involved in the breach monitor their credit reports and noted that they should do so for several years because nefarious actors exploiting data breaches may bide their time before looking to take advantage of the information they obtained.
“Data breaches like this are all too common, and as a result of the data breach, consumers are — not in the immediate future, but likely three years down the road, are going to be subjected to fraudulent applications for credit,” he said. “What we typically see in the cybersecurity sector is that there’s a waiting period.”
BIDEN CALLED UPON BY PRO-GROWTH GROUPS TO WITHDRAW CFPB’S LATE FEES RULE
In the wake of the breach, the CFPB says that it completed the process of notifying consumers and institutions whose information was exposed. After consulting with those institutions, it concluded the compromised information couldn’t be used to access a consumer’s account or commit identity theft, and that no Social Security numbers or dates of birth were exposed.
“The CFPB takes data privacy very seriously, and the unauthorized transfer of personal and confidential data is completely unacceptable,” a CFPB spokesperson told FOX Business.
The CFPB added that it’s not aware of any instances of identity theft stemming from the former employee’s theft of the data.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
After the breach was announced this spring, members of Congress including House Financial Services Committee Chairman Patrick McHenry, R-N.C., and Senate Banking Committee Ranking Member Tim Scott, R-S.C., raised concerns about the CFPB’s ability to collect and adequately safeguard consumers’ personally identifiable information.