CFPB staffer transferred 256,000 consumers' data to personal email account in 'major incident': report

CFPB officials say they are investigating the breach

A former Consumer Financial Protection Bureau (CFPB) employee reportedly forwarded the confidential records of over a quarter-million consumers to their personal email account.

CFPB officials told lawmakers about the breach on March 21, but it was first reported by the Wall Street Journal on Wednesday. The CFPB called it a "major incident" and says that the staffer no longer works for them.

The records contain the transaction-related numbers and names of 256,000 consumers at one unknown institution, but also had information on consumers from seven other firms. Confidential supervisory information of 45 institutions were also compromised.

It is unknown why the employee made the unauthorized transfer. The names of the institutions were also not disclosed by CFPB.

BIDEN ADMIN TO RAMP UP REGULATIONS ON COMPUTERIZED APPRAISALS OVER BIAS/RACISM CONCERNS

Consumer Financial Protection Bureau sign

Signage is seen at the Consumer Financial Protection Bureau (CFPB) headquarters in Washington, D.C., U.S., May 14, 2021. REUTERS/Andrew Kelly (REUTERS/Andrew Kelly / Reuters)

The employee has still not followed the CFPB's request to delete the emails and "provide attestation" that the emails were deleted. But a CFPB spokesperson said there is no evidence that the employee shared it beyond their personal account. 

The CFPB was first tipped off about the email transfers on February 14. During their investigation, they found 65 emails with confidential supervisory information and 14 emails with personally identifiable information about consumers.

Republican lawmakers voiced disapproval of the breach, which will likely fuel more criticism of the agency.

CHAMBER OF COMMERCE ACCUSES FTC OF 'GOING ROGUE' UNDER LINA KHAN'S LEADERSHIP

Rohit Chopra

Rohit Chopra, seen in 2018. Chopra is the Director of the Consumer Financial Protection Bureau. (Andrew Harrer/Bloomberg via Getty Images / Getty Images)

"This breach raises concerns with how the CFPB safeguards consumers’ personally identifiable information," North Carolina Congressman Patrick McHenry said.

"Why should the CFPB be trusted to collect more data, burdening financial institutions and potentially limiting services for consumers, when they themselves have demonstrated an irresponsible handling of consumers’ financial information?" South Carolina Senator Tim Scott said.

Despite the criticism, the CFPB stresses that they are thoroughly investigating the incident.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Tim Scott

CHARLESTON, SOUTH CAROLINA - FEBRUARY 16: Sen. Tim Scott (R-SC) delivers remarks at the Charleston County Republican Party’s Black History Month Banquet February 16, 2023, in Charleston, South Carolina. Scott spoke about growing up in South Carolina (Photo by Win McNamee/Getty Images)

"The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable. All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information," a spokesperson said in a statement.

"We have referred the matter to the Office of the Inspector General, and we are taking appropriate action to address this incident," the statement added.