The federal agency tasked with protecting consumers seemed to be doing the exact opposite, thanks to a data breach enacted by one of its employees. However, the agency claims the situation is not a cause for alarm.
The Wall Street Journal reported an unnamed worker at the Consumer Financial Protection Bureau (CFPB) forwarded confidential data their personal email account. The data contained personal information on approximately 256,000 consumers at one institution plus confidential supervisory information on 45 institutions; information on consumers at seven firms were also part of the data breach.
The employee responsible for this action is no longer with the CFPB and the agency claimed there was no evidence that the information was shared elsewhere. According to the Journal, a CFPB spokesperson insisted the “personal information is largely limited to two spreadsheets with names and transaction-specific account numbers used internally by the financial institution,” without the inclusion of consumers’ bank account numbers.
The agency also requested that the former employee to delete the emails from their personal account and to “certify” and “provide attestation” the deletion – to date, this has not occurred.