2 minute read

CFPB reports major data breach

April 26, 2023

The Consumer Financial Protection Bureau is working through the fallout of a major data breach.

Politico reports the CFPB claimed one of its employees forwarded the personal information of more than a quarter-million consumers to a personal email account.

The employee was fired when the data breach came to light. It was reported the employee sent spreadsheets with names and transaction-specific account numbers related to those 256,000 consumer accounts at a single institution.

CFPB spokesperson Sam Gilford said in the Politico article, the bureau has referred the matter to the inspector general and is “taking appropriate action to address this incident.”

“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” Gilford said. “All CFPB employees are trained in their obligations under bureau regulations and Federal law to safeguard confidential or personal information.”

Agency staff told lawmakers they had learned of the breach Feb. 14 in an email notifying them about the “major incident” that they sent on March 21.

The CFPB incident comes as the deadline for the implementation of the Federal Trade Commission’s Safeguards Rule nears.

The FTC Safeguards Rule deadline is June 9. It was extended from December in November.
According to the FTC, the Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.

The updated rules approved in October 2021 require financial institutions to designate an individual to oversee their security program, develop a written risk assessment, limit and monitor who can assess customer information, encrypt information, train security personnel, develop a response plan, assess security practices of service providers and implement multi-factor authentication for any individual accessing customer information.

Penalties can range up to $46,517 per violation.

The Texas Independent Automobile Dealers Association is offering a course on the requirements of the Safeguards rule. Register here.

NIADA Author

The National Independent Automobile Dealers Association (NIADA) is among the nation’s largest trade associations, representing the used motor vehicle industry comprised of some 40,000 licensed used car dealers. Since 1946, NIADA has represented the voice and interests of used car dealers at the federal level in Washington D.C. Coupled with its state association network across the country, NIADA’s grass-roots framework provides a dual layer of advocacy unmatched in the used motor vehicle industry. For 75 years, NIADA has engineered programs and leveraged technology to fulfill its mission to advance, educate and promote the independent used car dealer. NIADA members subscribe to a strict Code of Ethics of duty, honor and integrity, and believe in the advancement of small business in support of the free-market system. More information about NIADA, visit www.niada.com.