Approximately 14 emails included consumer personally identifiable information, or PII. The employee also sent two spreadsheets that listed names and transaction-specific account numbers related to about 256,000 consumer accounts at one institution. “The numbers are used internally by the institution, are not the consumers’ bank account numbers, and cannot be used to gain access to a consumer’s account,” the CFPB said. The Wall Street Journal first reported the incident on Wednesday.
Federal lawmakers and government agencies including the Department of Homeland Security have also been made aware of the incident. “This unauthorized transfer of personal and confidential data is completely unacceptable. All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information,” the agency said in a statement to CNN.