For the second time in recent weeks, a federal official has issued a warning regarding potential security weaknesses with the Consumer Financial Protection Bureau’s consumer data-mining program.  In an October 30 report, United States Inspector General Mark Bialek warned CFPB Director Richard Cordray that the IG office had “identified information security as a major management challenge for the CFPB due to the advanced, persistent threat to government information technology infrastructure.”  He cautioned that “improvements are needed in four high-priority security risk areas: continuous monitoring, configuration management, security training, and incident response and reporting.”

The security problems highlighted by the IG weren’t limited to financial databases, as Bialek also warned that “CFPB management faces challenges in implementing a continuous monitoring process for all CFPB systems.”  The IG was alarmed that the CFPB did not have the capability to quickly identify cybersecurity breaches, stating, “It is difficult for the CFPB to correlate information on incident activity because it does not yet have the capability to analyze security incident information from all relevant sources.”

Bialek is not the first watchdog to raise concerns about the risk of hackers compromising sensitive consumer financial information in CFPB databases.  The same concerns were raised by the Government Accountability Office last month.  The GAO found that “additional efforts are needed in several areas to reduce the risk of improper collection, use, or release of consumer financial data” contained in CFPB databases.  It added that the “CFPB has not yet fully implemented a number of privacy control steps and information security practices, which could hamper the agency’s ability to identify and monitor privacy risks and protect consumer financial data.”

Since it began operations in 2010, the CFPB has compiled enormous amounts of consumer credit card and mortgage data.  According to The Washington Post, its goal is to amass key data for 95% of all first mortgages on 53 million residential properties in the United States and also information regarding 933 million credit cards held by U.S. consumers.