CFPB Employee Sent 256,000 Consumers’ Financial Data To Personal Email
The Consumer Financial Protection Bureau notified Congress that a bureau employee sent confidential data associated with 256,000 people to the employee’s personal email address.
Though we’re only learning about this incident now, members of Congress were notified almost a month ago — on March 21. Joe Public was left in the dark. So much for the CFPB’s touted commitment to “improving transparency.” Legislators likewise sat on it.
And that’s not all. The now-former employee also sent confidential supervisory information relating to 45 financial institutions, a CFPB spokesman told The Wall Street Journal, which broke the story. There’s no indication yet that the information went any further; nor has a motive been announced.
The information related to people doing business with seven institutions, but most were associated with one firm. The CFPB has so far declined to identify the affected institutions or the bad employee.
Unbelievably, the Feds took a light-handed approach to the massive breach. Rather than rolling an armored car to the employee’s house, the government simply asked the former employee to delete the emails and provide an “attestation” that he or she had done so. However, as of Wednesday, the employee hadn’t even done that.