MESSAGE
DATE | 2023-04-20 |
FROM | Ruben Safir |
SUBJECT | [Hangout - NYLXS] CFPB Says Staffer Sent 250,000 Con |
wsj.com
WSJ News Exclusive | CFPB Says Staffer Sent 250,000 Consumers’ Data to Personal Account
Andrew Ackerman
Agency describes breach as a major incident and says employee no longer works there
Updated April 19, 2023 4:35 pm ET
WASHINGTON—A Consumer Financial Protection Bureau employee forwarded to a personal email account confidential information on thousands of consumers and dozens of financial firms, in what the agency has described to U.S. lawmakers as a major incident.
The employee, who no longer works at the CFPB, made an unauthorized transfer of records containing personal information on approximately 256,000 consumers at one institution, as well as confidential supervisory information on 45 institutions, a CFPB spokesman said. There is no evidence the records were shared beyond the former employee’s personal email account, the spokesman said.
While most of the personal information was tied to consumers at one institution, the emails included information on consumers from seven firms, the CFPB spokesman said. The CFPB hasn’t publicly identified the firms involved in the breach or the former employee who made the transfers.
Agency officials notified lawmakers about the incident on March 21, but they haven’t discussed it publicly. The incident hasn’t previously been reported. The CFPB hasn’t said why the employee forwarded the data.
The incident appears to be more limited in scope than some previous government-data breaches, such as when hackers stole the records of more than 20 million people from the servers of the Office of Personnel Management as part of at least two cyberattacks in 2014. Top White House and administration officials in the past have come under scrutiny for using personal email accounts for work.
Republican lawmakers are pressing CFPB Director Rohit Chopra for more details, saying many questions about the incident remain unanswered.
“This breach raises concerns with how the CFPB safeguards consumers’ personally identifiable information,” said Rep. Patrick McHenry (R., N.C.), chairman of the House Financial Services Committee.
The CFPB spokesman played down the severity of the breach, saying the personal information is largely limited to two spreadsheets with names and transaction-specific account numbers used internally by the financial institution. They don’t include the consumers’ bank account numbers and can’t be used to access a consumer’s account, the spokesman said.
The agency asked the former employee to delete the emails from his or her personal account and to “certify” and “provide attestation” that each email was deleted. As of Wednesday, the former employee hasn’t complied with these demands, the CFPB spokesman said.
A spokeswoman for Sen. Sherrod Brown (D., Ohio), who heads the Senate Banking Committee, said the bureau “followed protocols by notifying relevant committees of the breach” and has referred the matter to a government watchdog. “It would be irresponsible to speculate or jump to conclusions,” the spokeswoman said.
The incident is likely to renew Republican complaints about the bureau’s efforts to collect consumer data on credit cards and mortgages through its disclosure rules, consumer complaint database and enforcement actions. They say such actions threaten privacy and information security.
“Why should the CFPB be trusted to collect more data, burdening financial institutions and potentially limiting services for consumers, when they themselves have demonstrated an irresponsible handling of consumers’ financial information?” said Sen. Tim Scott of South Carolina, the top Republican on the Senate banking panel.
Financial regulators collect confidential information on the banks and other financial firms they supervise. They have access to so-called personally identifiable information that can be linked to the individual consumers of those institutions. Though the former employee had access to the confidential data as part of his or her job, officials are generally prohibited from transmitting these records from a government email account to a personal account.
In notifying lawmakers about the incident last month, consumer bureau officials said they became aware of the potentially inappropriate use of a personal email account on Feb. 14, people familiar with the matter said. A subsequent review found roughly 65 emails, some with attachments, that contained confidential supervisory information. Of those, about 14 emails contained personally identifiable information, or PII, about consumers.
Write to Andrew Ackerman at andrew.ackerman-at-wsj.com
Copyright ©2023 Dow Jones & Company, Inc. All Rights Reserved.
Appeared in the April 20, 2023, print edition as 'CFPB Staffer Sent Consumers’ Data To Personal Account'.
--
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://lists.mrbrklyn.com/mailman/listinfo/hangout