04.12.18

CFPB Admits To Collecting & Compromising Americans’ Financial Data

Mortgages, Social Security Numbers, Personal Banking Information All Potentially At Risk; 240 confirmed hacks, over 800 suspected hacks

WASHINGTON, D.C. – U.S. Senator David Perdue (R-GA), a member of the Senate Banking Committee, asks Consumer Financial Protection Bureau Acting Director Mick Mulvaney about the government agency’s financial data collection habits and recent security breaches.

Click here to watch or click on the image below.

Banking Hrg_ CFPB semi annual report to Congress Apr 12

Hundreds Of Breaches

Senator Perdue: “I just got back from China and talked to two of the largest market cap companies in the world, Tencent and Alibaba. They are collecting data, and in China, consumers just assume the federal government has access to their data. American citizens do not have that assumption. But your agency today has the right to collect every credit card transaction, every debit card transaction, every car loan application, and every home loan application package. Is that generally correct?”

Director Mulvaney: “My understanding is yes, we do have the right to collect that data.”

Senator Perdue: “So, the question then is: how is that stored? Where is it stored? Are there third parties involved? Have you been hacked? Can you provide a report to this committee with regard to that data? Have there been any breaches to your knowledge before you got there and since you’ve been director?”

Director Mulvaney: “I want to be careful about what I say, and I would be happy to talk about this more in private, but we have been able to document about 240 lapses in our data security.”

Senator Perdue: “‘Lapses?’ Is that a breach?”

Director Mulvaney: “I think data got out that should not have gotten out. There’s another 800 suspected that we haven’t been able to confirm.”

Senator Perdue: “800 potential exfiltrations so far? And this could be not just social security numbers, but this could be my personal bank account. Is this correct?”

Director Mulvaney: “It could be a lot of different things, yes. Including those.”

Every Data Point Is “Subject To Being Lost”

Senator Perdue: “Every single factor that I have as an individual in the United States, every single financial factor can be reviewed and can be collected and can be exposed by the CFPB. Is that correct?”

Director Mulvaney: “Everything we keep is subject to being lost, yes.”

Senator Perdue: “Has any of that information been lost?”

Director Mulvaney: “I don’t want to say anything, but I’m more than happy to talk to all of you about what I’ve talked with the Inspector General about. I think it actually does more harm than good to mention it in a public setting.”

Senator Perdue: “Mr. Chairman, I would like to propose a follow-up meeting about this because I am absolutely concerned about the exposure of our data in this rogue agency that has no responsibility to this Congress. I’m very concerned about the security of our financial information that nobody in my state really understands the CFPB is collecting.”

Data Stored By Unknown Third Parties

Senator Perdue: “Tell me about the third parties that are storing this data today.”

Director Mulvaney: “Senator, I’ll have to get back to you on that. I was under the impression we kept most of our own, but I’ve just been told some of our data is kept by third parties.”

Senator Perdue: “I know that for a fact. I just don’t know who.”

###

Senator Perdue is the only Fortune 500 CEO in Congress and is serving his first term in the United States Senate, where he represents Georgia on the Armed Services, Banking, Budget, and Agriculture Committees.