A spokesperson for the CFPB confirmed the data leak. The unnamed staffer, who the CFPB has already fired, reportedly sent spreadsheets with names and transaction-specific account numbers related to 256,000 accounts at one institution to his personal email account. (Related: OPEN SECRET: 1.25M people have access to top secret documents in America.)
The spokesperson added that there is no evidence that the confidential data was shared beyond the former employee's personal email account.
While most of this personal information was tied to consumers at just one institution, the emails also included information on consumers from seven other firms and confidential supervisory information on 45 financial institutions. The CFPB has not publicly identified the firms involved in the breach or the former employee who made the transfers.
The incident has sparked concerns from lawmakers and prominent people from the financial industry alike about how secure Americans' information actually is in the hands of the CFPB.
"This is a major black eye for the CFPB," said Ed Groshans, a senior research and policy analyst at Compass Point Research & Trading. He added that the breach is likely to create a significant problem for the agency in terms of its internal compliance issues and public image.
"These types of breaches are unacceptable, regardless of entity," said Groshans. "There needs to be across-the-board stronger protections because identity theft is real."
"This breach raises concerns with how the CFPB safeguards consumers' personally identifiable information," said Republican Rep. Patrick McHenry of North Carolina, chairman of the House Financial Services Committee.
Democratic Sen. Sherrod Brown of Ohio, chair of the Senate Banking Committee, rushed to the CFPB's defense by saying through his spokeswoman that the agency "followed protocols by notifying relevant committees of the breach" and has referred the incident to a government watchdog. "It would be irresponsible to speculate or jump to conclusions," she added.
But GOP Sen. Tim Scott of South Carolina noted that this incident has renewed the Republican Party's complaints about the CFPB's efforts to collect private consumer data on credit cards and mortgages through its disclosure rules, consumer complaint database and enforcement actions.
"Why should the CFPB be trusted to collect more data, burdening financial institutions and potentially limiting services for consumers, when they themselves have demonstrated an irresponsible handling of consumers' financial information," said Scott, who also serves as the GOP's ranking member on the Senate Banking Committee.
The CFPB has asked the former employee to delete the emails from his personal email account and to provide the agency with certification and attestation that each email has been deleted. As of press time, the CFPB has not reported whether or not the former employee has complied with these demands.
Learn more about leaks of private information from government agencies at PrivacyWatch.news.
Watch this clip from Fox News discussing how the Pentagon leaks reveal the "incredible" ties China is building with Latin American nations.