Sen. Tim Scott (R-SC) on Wednesday led 22 of his colleagues in drafting a letter to Richard Cordray, director of the Bureau of Consumer Financial Protection (CFPB), questioning the security of financial data on millions of Americans that the CFPB and its contractors collect and store.
The letter follows recent data breaches at the Internal Revenue Service and Office of Personnel Management.
“While [the IRS and OPM] investigations remain ongoing, we believe that now is a critical time to examine the measures other government agencies take to secure personal data they collect on Americans,” Scott and the Senators said. “Under the Dodd-Frank Act, the CFPB has begun accumulating loan-level data ‘covering approximately 80 percent of the credit card marketplace’ — hundreds of millions of credit card accounts… We are gravely concerned by the CFPB's inability to confirm that the massive amount of data it collects and stores could not be reverse-engineered and traced back to one of our constituents.”
A report last fall by the Government Accountability Office identified several weaknesses in the CFPB’s protection of consumer data, including hundreds of millions of credit card accounts, home mortgage loan information, and other financial records.
The CFPB was asked to provide detailed information on the security of the CFPB’s information technology systems, plans for notifying consumers whose data may be stolen in an IRS- or OPM-style breach, and how the CFPB guarantees data security at third-party vendors it uses for data collection and storage.
1700 G St NW
Washington, DC 20552