2023 Consumer Financial Protection Bureau data breach

The Consumer Financial Protection Bureau (CFPB) experienced a significant security breach in March 2023 when a former employee transferred confidential information on approximately 256,000 consumers and forty-five financial institutions to their personal email account.^[1]^[2] The unauthorized transfer involved data from seven firms, though the majority of the consumer information came from one institution.^[1] The data was sent over fourteen emails and it contained personally identifiable information (PII) of consumers.^[3] The employee also sent two spreadsheets with names and transaction-specific account numbers for about 256,000 consumer accounts at a single institution.^[3] Neither the firms nor the employee have been publicly identified.^[1]

The CFPB first became aware of abuse on 14 February 2023.^[4]^[2] They informed U.S. lawmakers of the incident on March 21, but it was not made public until April 24.^[1]^[2]^[5] Shortly following the data breach, Senator Cruz and Rep Donalds authored a bill seeking to eliminate the CFPB.^[6]

In response to the 2023 data breach, the Southwest Public Policy Institute (SPPI) established the Bureau to Protect Financial Consumers (BPFCCFPB) to advocate for better oversight and protection of consumer data.^[7] The Institute claims this initiative reflects broader concerns about data security and management practices within governmental consumer protection agencies.

References

^ ^a ^b ^c ^d Ackerman, Andrew. "WSJ News Exclusive | CFPB Says Staffer Sent 250,000 Consumers' Data to Personal Account". The Wall Street Journal.
^ ^a ^b ^c O'Donnell, Katy. "CFPB says employee breached data of 250,000 consumers in 'major incident'". Politico.
^ ^a ^b Hur, Krystal (April 20, 2023). "CFPB says employee sent confidential data of 256,000 consumers to personal email". CNN.
^ Berry, Kate; Williams, Claire (April 20, 2023). "CFPB data breach sends shock waves through the financial industry". American Banker.
^ Berry, Kate (25 April 2023). "CFPB still has not notified consumers about data breach". American Banker.
^ Catenacci, Thomas (27 April 2023). "Ted Cruz, Byron Donalds take action to eliminate federal agency". Fox News.
^ Revell, Eric (2023-10-26). "Think tank launches campaign to protect consumers from CFPB after agency data breach". FOXBusiness. Retrieved 2024-04-18.

[auto3-1] Ackerman, Andrew. "WSJ News Exclusive | CFPB Says Staffer Sent 250,000 Consumers' Data to Personal Account". The Wall Street Journal.

[auto2-2] O'Donnell, Katy. "CFPB says employee breached data of 250,000 consumers in 'major incident'". Politico.

[auto-3] Hur, Krystal (April 20, 2023). "CFPB says employee sent confidential data of 256,000 consumers to personal email". CNN.

[auto1-4] Berry, Kate; Williams, Claire (April 20, 2023). "CFPB data breach sends shock waves through the financial industry". American Banker.

[5] Berry, Kate (25 April 2023). "CFPB still has not notified consumers about data breach". American Banker.

[6] Catenacci, Thomas (27 April 2023). "Ted Cruz, Byron Donalds take action to eliminate federal agency". Fox News.

[7] Revell, Eric (2023-10-26). "Think tank launches campaign to protect consumers from CFPB after agency data breach". FOXBusiness. Retrieved 2024-04-18.

[1]

[2]

[3]

[4]

[5]

[6]

[7]