Skip to Content

CFPB fires warning shot at financial institutions over lax data security

CFPB fires warning shot at financial institutions over lax data security

CFPB fires warning shot at financial institutions over lax data security

WASHINGTON, D.C. – The Consumer Financial Protection Bureau (CFPB) has released a circular announcing that financial companies may be in hot water if they fail to adequately protect consumer data.

The circular gives guidance to consumer protection enforcement, including language targeting financial firms that can be held liable for insufficient security protocols with their client data. "Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse," said CFPB Director Rohit Chopra. "While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data."

Chopra has been taking an active hand against lax data protections and the companies responsible in recent weeks. The CFPB had representatives giving presentations on Data Breach’s at DEF CON this year and the Director recently attended and spoke at the National Association of Attorneys General Presidential Summit. “While financial privacy and secrecy were seen as touchstones of the banking system, there is a growing interest from Big Tech firms to find new ways to harvest and monetize our personal financial data,” he said encouraging attorney generals to act. “Many tech firms are on the hunt for data about what we spend our money on and where we make our purchases."

For its part the CFPB says it’s increasing its focus on the potential for misuse and abuse of consumer financial information. They cite the Equifax breach in 2017 as a turning point that saw the sensitive data of 147 million Americans violated. In 2019 the CFPB charged Equifax with violating the Consumer Financial Protection Act which led to a $700 million settlement. 

There were almost 2,000 data breach events in the first half of 2022. The circular with guidance on consumer financial protection can be found at,


To comment on this post, please log in to your account or set up an account now.