April 21 – According to the Consumer Financial Protection Bureau (CFPB), an employee forwarded the personal email of more than a quarter-million consumers to a personal email account.
The CFPB states that this incident can be categorized as a “major” breach. When the breach came to light, the employee responsible for the incident was promptly exited. However, spreadsheets with the names and transaction-specific account numbers related to consumer accounts are now outside of the CFPB’s direct control.
CFPB security safeguards
The US House Financial Services Chair, Patrick McHenry, said in a statement, “This breach raises concerns with how the CFPB safeguards consumers’ personally identifiable information.”
The bureau has referred the matter to the inspector general and said that actions are being taken to rectify the situation. “The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” says spokesperson Sam Gilford.
Implications for financial institutions
As many as 50 financial institutions may have been affected by this breach. The degree of sensitivity of the personally identifiable information that’s been compromised remains to be assessed, as does the level of risk for consumers.
“Unfortunately, this is an example of the clumsy handling of sensitive data. Even if there was no ill intent by the individual concerned, there are still huge risks to data privacy…” says Darren James, senior product manager with Specops Software.
For more on this story, please visit Politico.com. Want to stay up-to-date with trends in technology? Check out the CyberTalk.org newsletter. Sign up today to receive top-notch news articles, best practices and expert analyses; delivered straight to your inbox.