For the second time in recent weeks, a federal official has issued a warning regarding potential security weaknesses with the Consumer Financial Protection Bureau’s consumer data-mining program.  In an October 30 report, United States Inspector General Mark Bialek warned CFPB Director Richard Cordray that the IG office had “identified information security as a major management challenge for the CFPB due to the advanced, persistent threat to government information technology infrastructure.”  He cautioned that “improvements are needed in four high-priority security risk areas: continuous monitoring, configuration management, security training, and incident response and reporting.”

The security problems highlighted by the IG weren’t limited to financial databases, as Bialek also warned that “CFPB management faces challenges in implementing a continuous monitoring process for all CFPB systems.”  The IG was alarmed that the CFPB did not have the capability to quickly identify cybersecurity breaches, stating, “It is difficult for the CFPB to correlate information on incident activity because it does not yet have the capability to analyze security incident information from all relevant sources.”

Bialek is not the first watchdog to raise concerns about the risk of hackers compromising sensitive consumer financial information in CFPB databases.  The same concerns were raised by the Government Accountability Office last month.  The GAO found that “additional efforts are needed in several areas to reduce the risk of improper collection, use, or release of consumer financial data” contained in CFPB databases.  It added that the “CFPB has not yet fully implemented a number of privacy control steps and information security practices, which could hamper the agency’s ability to identify and monitor privacy risks and protect consumer financial data.”

Since it began operations in 2010, the CFPB has compiled enormous amounts of consumer credit card and mortgage data.  According to The Washington Post, its goal is to amass key data for 95% of all first mortgages on 53 million residential properties in the United States and also information regarding 933 million credit cards held by U.S. consumers.

H. Scott Kelly

Scott is a consumer data and privacy specialist. He regularly defends against data breach lawsuits and class action claims asserted under federal and state consumer-protection statutes (FCRA, FDCPA, TCPA, UCC, UDAAP, RICO). Scott represents companies on an array of data privacy issues, including background screening, consumer reporting, data breaches, ransomware attacks, and related regulatory investigations by the Consumer Financial Protection Bureau (CFPB), Federal Trade Commission (FTC), and state attorneys general.

Michael E. Lacy

Michael heads the firm’s Consumer Financial Services practice, and handles class actions and high-stakes consumer litigation on a nationwide basis. He represents banks, mortgage servicers, debt buyers and collectors, and lenders against claims under consumer protection statutes, including the FCRA, TCPA, RESPA, RICO, and state UDAP laws. He has significant experience litigating and trying corporate governance disputes, including shareholder derivative claims, corporate dissolution cases, and corporate divorce matters. Michael also represents public utility companies in litigation and regulatory matters, including condemnation and land use cases.