CFPB Data Breach Dwarfs Facebook Debacle

Members of Congress spent the better part of last week grilling Marc Zuckerberg on privacy concerns surrounding Facebook in the wake of the Cambridge Analytica debacle. But Investor’s Business Daily argues in an editorial that perhaps Congress out to spend more time investigating significant data breaches at Sen. Elizabeth Warren’s signature legislative and regulatory “accomplishment,” the so-called Consumer Financial Protection Bureau (“CFPB”):

Data Breach: The same day lawmakers were grilling Mark Zuckerberg about Facebook’s handling of private data, Congress heard testimony about a privacy scandal that is infinitely worse. Too bad everybody ignored the latter revelation.

In this case, the villain isn’t a private company or a Trump campaign advisor, but the federal government, which has been Hoovering up oceans of highly sensitive financial data on hundreds of millions of Americans under the guise of “consumer protection” — without taking basic steps to protect it.

And, unlike with Facebook, nobody has volunteered to have the government collect this private data.

Exactly what kind of data are we talking about here? Well, it goes far beyond personality quizzes, unfortunately. According to IBD, “the CFPB has a storehouse of highly personal data — Social Security numbers, bank accounts, mortgage information, credit card data — on just about every American.”

The CFPB collects all this data on Americans to “protect” them, of course. As Edward D’alessio wrote in the Washington Examiner last year:

In the coming weeks, the CFPB will issue a series of new rules aimed at curtailing payday, vehicle title, and certain high-cost installment loans that will cut nearly 30 million customers off from critical forms of credit. Even more significant, however, is that it will begin mandating the collection of huge volumes of unnecessary financial information, and in the process expose people who use these products to a potential hack.

Under the new rule, customers applying for a small-dollar loan – the average being a mere $350 – will be required to submit extensive personal financial information in support of their applications. Lenders will determine a customer’s ability to repay the loan, but they will also be required to share this financial information with numerous credit reporting agencies (CRAs) registered with the Bureau. …

These CRAs will, in effect, serve as a collective database for customer’s personal financial data, and they will be required to communicate with one another about an individual’s borrowing activity. The net effect is that a huge amount of personal financial information will be shared between institutions – and in a way that puts consumers at risk.

This mandate is a large overstep by the CFPB, but it’s not the first time they’ve acted so aggressively. Recently, the CFPB conducted large-scale data collections in the name of monitoring the markets for abuse. The House Financial Services Committee found that the CFPB collected data on 87 percent of the credit card market in 2015, with a goal of capturing up to 95 percent.

As it turns out, under the leadership of former CFPB Director and now Ohio Governor wannabee Richard Cordray, the CFPB data have been hacked between 240 and 800 times! That means the personal financial data of virtually every living American has been obtained by Lord-knows-who because Elizabeth Warren and Richard Cordray wanted the federal government to play a larger role in the financial system.

Instead of protecting consumers, the CFPB has carelessly put them at risk.