Congress Demands Details from CFPB Director Chopra on Agency Data Breach

Senate Banking, Housing and Urban Affairs Committee Ranking Member Tim Scott (R-SC) and House Financial Services Subcommittee on Oversight and Investigations Chair Bill Huizenga (R-MI) asked CFPB Director Rohit Chopra to provide details on the "major data breach" that occurred at the agency. According to news reports, "an employee forwarded the personal information of more than a quarter-million consumers to a personal email account."

In a letter to Mr. Chopra, Senator Scott requested that Mr. Chopra provide a briefing by May 8, 2023 on:

• details of the data breach;
• the content of the data taken from the CFPB system;
• remedial measures taken to address the breach; and
• data privacy practices taken to address privacy concerns.

Senator Scott added that the breach is "highly concerning" given the recent CFPB rulemaking to collect lending data from small businesses on credit products.

In a separate letter, Representative Huizenga expressed concern about the breach having potentially implicated the sensitive data of more than 50 financial institutions. He said that the consequences could be both "widespread and injurious." To better understand the CFPB’s investigation into the data breach, Representative Huizenga asked that Mr. Chopra submit a briefing to the House Financial Services Committee by April 25, 2023 regarding (i) mitigation and remediation efforts, (ii) the extent of the breach and (iii) steps taken to give "appropriate notifications".