U.S. Inspector General Warns of CFPB Data Security Weaknesses
Richmond partner Michael Lacy and associate Scott Kelly’s November 1 Consumer Financial Services Law Monitor blog post was referenced in a November 10 Law Technology News article about how the Consumer Financial Protection Bureau’s consumer data-mining program had a couple of rough weeks in October.
On October 30, U.S. Inspector General Mark Bialek told the CFPB that “[i]mprovements are needed in four high priority security risk areas: continuous monitoring, configuration management, security training, and incident response and reporting,” according to Michael and Scott. Additionally, the duo indicated that the Inspector General stated that the CFPB didn’t have mechanisms in place to quickly identify cybersecurity breaches. “Since 2010, the CFPB has been collecting huge volumes of credit card and mortgage data, say Kelly and Lacy,” the article pointed out. “With the goal of amassing key data for 95 percent of all first mortgages and 933 million credit cards, according to The Washington Post.”