OIG: The CFPB Can Improve Its Safeguards for Protecting Confidential Supervisory Information

If you are seeing this message, Javascript is disabled. Disclaimer for all external links found on this page: The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau does not necessarily endorse the views expressed or the facts presented on the external sites. The OIG does not endorse any commercial products that may be advertised or on the external sites. The OIG's privacy policy does not apply on the external sites. Please check the site for its privacy notice.

Skip to Navigation

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2025-SR-C-005 May 5, 2025

In 2023, the CFPB declared a major breach that affected about 256,000 consumers and 46 institutions after an employee sent confidential supervisory information to a personal email account.

We found that the CFPB’s guidance does not sufficiently limit access to confidential supervisory information. Its guidance also lacks expectations for assessing the severity of confidential supervisory information breaches and enforcing consequences for responsible employees. Finally, the CFPB does not have a defined process to notify affected supervised institutions of breaches.

We are making seven recommendations to address these issues and improve the agency’s protection of confidential supervisory information.

HOTLINE

IN THIS SECTION

The CFPB Can Improve Its Safeguards for Protecting Confidential Supervisory Information

available formats

Summary:

Full Report:

LINKS TO THE BOARD AND THE CFPB

HOTLINE

IN THIS SECTION

SHARE THIS PAGE

STAY CONNECTED

The CFPB Can Improve Its Safeguards for Protecting Confidential Supervisory Information

available formats

Summary:

Full Report:

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES