Congress is mounting another attempt to determine if the Consumer Financial Protection Bureau (CFPB) is complying with federal cybersecurity standards as it amasses an unprecedented amount of private data on personal consumer behavior, The Daily Caller News Foundation has learned.
Privacy advocates are alarmed about CFPB’s accumulation of data on 991 million consumer credit card accounts and 53 million residential mortgages.
The agency that was created in 2010 by President Barack Obama has been snooping on consumer activity by pulling private consumer records from 7,062 financial institutions and 300 credit card issuers without the permission of the record holders. The bureau has rebuffed previous congressional queries about its big data program and the measures it has taken to protect the security of millions of records and the privacy of the people covered by the records.
Congress created CFPB under the Federal Reserve, putting the bureau’s budget beyond the reach of congressional oversight and transferring Federal Reserve’s authority to collect mortgage and credit card data to CFPB. Republicans in Congress, including House Committee on Financial Services Chairman [crscore]Jeb Hensarling[/crscore], want to either replace CFPB or bring it explicitly under congressional oversight authority.
TheDCNF obtained a June 6 letter from the House Committee on Science, Space and Technology to Federal Reserve Inspector General Mark Bialek seeking unredacted copies of all documents regarding CFPB compliance with the Federal Information Security Modernization Act of 2014 which imposes specific tasks on federal agencies to assure federal data is safeguarded.
Rep. [crscore]Lamar Smith[/crscore], chairman of the Science Committee, told TheDCNF, “Given the millions of consumers’ sensitive information the CFPB stores on its systems, it is crucial that this information be safeguarded.
“We will continue to do everything in our power to ensure that agencies, such as the CFPB, have the proper controls in place to keep Americans’ sensitive information safe and secure from cyber threats.”
Rep. [crscore]Sean Duffy[/crscore], chairman of the House Financial Services Subcommittee on Oversight and Investigations, told TheDCNF he was concerned about the bureau’s cybersecurity programs. “It’s outrageous that the CFPB isn’t taking the right steps ensure the data’s security. As a result, Americans’ consumer data is at risk.”
“It’s grossly unnecessary for them to collect massive amounts of consumer data,” Duffy said. “The bureau that is tasked with protecting consumers does not even receive consent to collect information from the people they claim to protect.”
The Obama administration is still reeling from the massive 2013 data breach of the Office of Personnel Management (OPM) which allowed hackers to access records of 21.5 million current and former federal, military and contract personnel who had background checks since 2000. Last month, the acting inspector general for OPM reported OPM had made little progress to protect federal records from breaches, concluding that years after the attack, “OPM has still not performed many of the critical capital project planning practices” to protect government personnel files.
CFPB itself has been vague about the steps it is taking to safeguard consumer records.
In a January, 2014, hearing before the House Committee on Financial Services, Rep. [crscore]Randy Neugebauer[/crscore] asked CFPB Director Richard Cordray if he can “personally guarantee that the consumer information is 100 percent secure.”
Cordray demurred, but said the bureau “attempts to safeguard any information we have about the American public.”
Argus Information & Advisory Services of White Plains, N.Y., collects the CFPB credit card information, according to USAspending.gov, a government contracting website. To date, Argus has been paid $7.1 million in three contracts as part of CFPB’s “special studies analysis” program.
Alex Sulkowski, a managing director for Argus, refused to divulge any information about the program. He told TheDCNF, “our contracts prohibit us from discussing anything about our clients or the nature of our work.”
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.