2023 Consumer Financial Protection Bureau data breach

The Consumer Financial Protection Bureau (CFPB) data breach occurred in March 2023 at the US Consumer Financial Protection Bureau.^[1]^[2]

Data breach[edit]

The Consumer Financial Protection Bureau (CFPB) experienced a significant security breach when a former employee transferred confidential information on approximately 256,000 consumers and forty-five financial institutions to their personal email account.^[3]^[4] The unauthorized transfer involved data from seven firms, though the majority of the consumer information came from one institution.^[3] The data was sent over fourteen emails and it contained personally identifiable information (PII) of consumers.^[5] The employee also sent two spreadsheets with names and transaction-specific account numbers for about 256,000 consumer accounts at a single institution.^[5] Neither the firms nor the employee have been publicly identified.^[3]

The CFPB first became aware of abuse on 14 February 2023.^[1]^[4] They informed U.S. lawmakers of the incident on March 21, but it was not made public until April 24th.^[3]^[4]^[6] Shortly following the data breach, Senator Cruz and Rep Donalds authored a bill seeking to eliminate the CFPB.^[7]

Aftermath[edit]

In response to the 2023 data breach, the Southwest Public Policy Institute (SPPI) established the Bureau to Protect Financial Consumers (BPFCCFPB) to advocate for better oversight and protection of consumer data.^[8] The Institute claims this initiative reflects broader concerns about data security and management practices within governmental consumer protection agencies.

References[edit]

^ ^a ^b Berry, Kate; Williams, Claire (April 20, 2023). "CFPB data breach sends shock waves through the financial industry". American Banker.
^ Vittorio, Andrea; Weinberger, Evan; Witley, Skye (April 20, 2023). "CFPB Consumer Records Breach Draws Lawmakers' Probe (1)". Bloomberg Law.
^ ^a ^b ^c ^d Ackerman, Andrew. "WSJ News Exclusive | CFPB Says Staffer Sent 250,000 Consumers' Data to Personal Account". Wall Street Journal.
^ ^a ^b ^c O'Donnell, Katy. "CFPB says employee breached data of 250,000 consumers in 'major incident'". Politico.
^ ^a ^b Hur, Krystal (April 20, 2023). "CFPB says employee sent confidential data of 256,000 consumers to personal email". CNN.
^ Berry, Kate (25 April 2023). "CFPB still has not notified consumers about data breach". American Banker.
^ Catenacci, Thomas (27 April 2023). "Ted Cruz, Byron Donalds take action to eliminate federal agency". Fox News.
^ Revell, Eric (2023-10-26). "Think tank launches campaign to protect consumers from CFPB after agency data breach". FOXBusiness. Retrieved 2024-04-18.

[auto1-1] Berry, Kate; Williams, Claire (April 20, 2023). "CFPB data breach sends shock waves through the financial industry". American Banker.

[2] Vittorio, Andrea; Weinberger, Evan; Witley, Skye (April 20, 2023). "CFPB Consumer Records Breach Draws Lawmakers' Probe (1)". Bloomberg Law.

[auto3-3] Ackerman, Andrew. "WSJ News Exclusive | CFPB Says Staffer Sent 250,000 Consumers' Data to Personal Account". Wall Street Journal.

[auto2-4] O'Donnell, Katy. "CFPB says employee breached data of 250,000 consumers in 'major incident'". Politico.

[auto-5] Hur, Krystal (April 20, 2023). "CFPB says employee sent confidential data of 256,000 consumers to personal email". CNN.

[6] Berry, Kate (25 April 2023). "CFPB still has not notified consumers about data breach". American Banker.

[7] Catenacci, Thomas (27 April 2023). "Ted Cruz, Byron Donalds take action to eliminate federal agency". Fox News.

[8] Revell, Eric (2023-10-26). "Think tank launches campaign to protect consumers from CFPB after agency data breach". FOXBusiness. Retrieved 2024-04-18.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]