Major US CFPB Data Breach Caused by Employee

  /     /     /  
Publicated : 23/11/2024   Category : security


Major US CFPB Data Breach Caused by Employee


The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.



The Consumer Financial Protection Bureau (CFPB), an agency of the US government that protects consumers in the financial sector, announced that an employee committed a major breach in emailing the personal information of 256,000 consumers to a personal email account.
In briefings between lawmakers and the consumer bureau director, Rohit Chopra, the agency staff informed elected officials that they first learned of the breach on Feb. 14. Chair of the Financial Services Committees investigation panel on the matter,
Rep. Bill Huizenga, stated in a letter to Chopra
that the transfer of records could have possibly implicated more than 50 financial institutions sensitive information and requested a briefing before a deadline of April 25.
The employment of the individual who committed the breach has been terminated by the agency, and the person has been asked to delete the emails and provide proof of such, though the person has yet to comply with these requests.
This unauthorized transfer of personal and confidential data is completely unacceptable. All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information,
the agency stated
.
At this time, the agency has identified that the information included in the breach involves personal identifiable information (PII) of customers from seven institutions, though they are not yet sure of the degree of sensitivity of the PII and are still assessing the level of risk to the consumers involved.
Unfortunately, this is an example of clumsy handling of sensitive data. Even if there was no ill intent by the individual concerned there are still huge risks to data privacy whether the email was encrypted, who else has access to that email account, and whether theres a strong password or MFA enabled on the personal email account, Darren James, senior product manager with Specops Software, said in an emailed statement. The CFPB has a lesson to learn here in
responsible data handling
. Any training done has failed and more emphasis should be made on Cyber Aware Training in the future to prevent poor security hygiene like this instance.

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Major US CFPB Data Breach Caused by Employee