An employee for the Consumer Financial Protection Bureau made an unauthorized transfer of consumer data to a personal email account, the agency said Wednesday.
Roughly 256,000 consumers were impacted by the incident, and the employee is no longer employed by the CFPB.
Their names and transaction-specific account numbers at a single institution were included on a spreadsheet sent to the personal email account. The numbers were used internally by the institution and cannot be used to gain access to consumers’ accounts, the CFPB said.
There is no evidence the information was shared beyond the former employees email account. The CFPB has directed the former employee to delete the emails from their personal account, but the former employee has not complied with the demand.
“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” a CFPB spokesperson told MarketWatch. “We have referred the matter to the Office of the Inspector General, and we are taking appropriate action to address this incident.”
Read the full article here
