The Consumer Financial Protection Bureau (CFPB) says it has suffered a data breach which saw an employee forward the personal information of more than quarter of a million Americans to a personal email account.
The unnamed staffer - who has been fired - sent spreadsheets with names and transaction-specific account numbers related to 256,000 consumer accounts at a single unnamed institution. He also forwarded confidential supervisory information on 45 financial institutions, according to the Wall Street Journal.
The bureau has referred the matter to the inspector general, spokesperson Sam Gilford told reporters, adding “The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable”.
The CFPB discovered the breach in February and informed lawmakers in March but the incident became public this week when it was reported by the Journal.
The Republican Chairman of the Financial Services Subcommittee on Oversight and Investigations, Bill Huizenga has written to CFPB director Rohit Chopra demanding a briefing.
Writes Huizenga: “At the time of your notification, you indicated that the investigation was ongoing. You explained that the employee is no longer employed by the agency and that the employee certified they deleted each email. However, many questions remain unanswered."