The CFPB Needs To Improve Its Cybersecurity, According To An Internal Investigation

According to a report from the Consumer Financial Protection Bureau’s internal inspector, the CFPB must do more to strengthen its protections against hacking.

The CFPB — which has access to vast stores of data on citizens, banks, credit card companies and other financial services players — could be at risk for the kind of cybercriminal incursion that has recently brought Equifax to its knees.  Such a data breach, the report noted, could do massive damage to the consumer watchdog’s credibility and make it harder for it to carry out its general mission.

The report also found that the CFPB “has not fully implemented processes, such as data loss prevention technologies, within its internal network that would enable the agency to detect and better protect against unauthorized access to and disclosure of its sensitive information.” It went on to recommend that the agency ought to run automated feeds through security checks and move away from manually tracking system security by putting alerts and continuous monitoring tools in place.

Apart from its security issues, the inspector also recommended that the CFPB needs to put together a succession plan — perhaps particularly necessary as Richard Cordray, the agency’s head, is widely expected to leave the post soon.  His term expires in July, and it is thought he may bow out early to run for governor in Ohio.

There is at present no precedent for his replacement — though in July, President Trump will be able to appoint his successor.