The Consumer Financial Protection Bureau (CFPB) has reported a data breach involving an employee who forwarded personal information of over 256,000 Americans to a personal email account.
The staff member, who has since been terminated, sent spreadsheets containing names and transaction-specific account numbers related to these consumer accounts at an unnamed financial institution. Additionally, the breach included confidential supervisory information pertaining to 45 financial institutions, as reported by the Wall Street Journal.
CFPB spokesperson Sam Gilford stated, “The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable.” The Bureau discovered the incident in February and informed lawmakers in March, but it only became public knowledge this week following the Journal’s report.
Bill Huizenga, the Republican Chairman of the Financial Services Subcommittee on Oversight and Investigations, has written to CFPB Director Rohit Chopra requesting a briefing on the matter. Huizenga noted, “At the time of your notification, you indicated that the investigation was ongoing. You explained that the employee is no longer employed by the agency and that the employee certified they deleted each email. However, many questions remain unanswered.”