By Lisa Lambert
WASHINGTON (Reuters) – The U.S. Consumer Financial Protection Bureau (CFPB), one of Wall Street’s top regulators, must strengthen its protections against hacking, according to a report the agency’s internal inspector released on Wednesday as the financial sector reels from recent revelations of two major data breaches.
The former head of the Equifax <EFX.N> credit bureau is testifying before Congress this week about the company’s disclosure that personal information for millions of individuals had been stolen from its systems.
At the same time, the Securities and Exchange Commission – the country’s lead securities regulator – is facing lawmakers’ questions about information stolen last year from its filing system that may have been used for illicit trades.
The CFPB, which gathers sensitive information on individuals, banks, credit card companies and other financial firms as the government’s consumer finance watchdog, could suffer similar intrusions that might undermine public trust or limit its ability to carry out its mission, its inspector general said in a report dated Sept. 27 and released on Wednesday.
The agency “has not fully implemented processes, such as data loss prevention technologies, within its internal network that would enable the agency to detect and better protect against unauthorized access to and disclosure of its sensitive information,” the report said.
It also needs to run automated feeds through security checks and move away from manually tracking system security by putting alerts and continuous monitoring tools in place, the inspector general found.
In the five years since it was established, the CFPB has had to quickly erect sound information systems that can repel cyber attacks. All federal agencies are struggling to keep up with a steady rise in the number and sophistication of attempted intrusions, as criminal demand for stolen Social Security numbers and other personally identifiable information swells.
The inspector general also said the CFPB will soon implement a job succession plan to try to close possible staffing and skill gaps, hopefully clarifying what the future holds after Richard Cordray, the CFPB’s first director, leaves the agency.
Cordray, whose term expires in July, was appointed by President Barack Obama after the agency was created under the 2010 Dodd-Frank financial reform law.
Many expect him to depart earlier, however, and there is no precedent for replacing him.
President Donald Trump will likely appoint a successor who cuts back on the agency’s reach, raising questions about the direction of open CFPB investigations and rulemakings.
(Reporting by Lisa Lambert, editing by G Crosse)