A report issued by the Government Accountability Office has revealed that a federal agency is collecting financial data on millions of Americans and failing to store it securely.
According to the Washington Post, the Consumer Financial Protection Bureau (CFPB) has been gathering reams of financial data despite having no process in place for assessing security risks.
The massive trove of data includes information on 75 million credit cards and 5.5 million student loans. According to the report, over the last two years, the CFPB decided to collect data to “detect risks in consumer financial markets.”
While the CFPB has at least taken steps to anonymize the data by ensuring credit card information cannot be linked to specific individuals, the GAO recommended that the agency consult with the White House for establishing proper security procedures.
Privacy controls are still missing, and there is no mechanism for independent review of privacy concerns. Although the CFPB does scan the data for vulnerabilities, no written procedures exist for how data is stored or protected.
CFPB spokesman Sam Gilford shot back in a statement on Wednesday, in an effort to counter criticisms of the agency:
As the report notes, the majority of the large datasets maintained by the CFPB are de-identified, and many of the largest datasets maintained by the CFPB use data procured from commercial aggregators, which is also available for purchase by private companies.
However, the CFPB does agree with the recommendations of the GAO.
The CFPB was established in 2011 as a part of Dodd-Frank to protect consumers from financial dangerous, but regardless of the danger here, the collection of financial data is still fully legal for the agency.
This report, by Jonah Bennett, was cross-posted by arrangement with the Daily Caller News Foundation.