Stronger cybersecurity measures are needed to protect a federal data-mining system containing the most private financial information on hundreds of millions of Americans.
The problems are so serious that the Consumer Financial Protection Bureau needs to strengthen cybersecurity protections "across all information security areas” in its cloud computing system.
That's the conclusion of a new report by the Federal Reserve Board's inspector general evaluating one of Washington's newest "Big Data" efforts.
The CFPB data-mining program will monitor an estimated 992 million American credit card accounts and 227 million residential home mortgages dating back to 1998.
But the system's security measures are full of problems, according to the IG.
“Our report includes recommendations to strengthen security controls for the [General Support System] in four information security areas: system and information integrity, configuration management, contingency planning and incident response,” the IG report warned.
The CFPB system does not meet security requirements mandated by the Federal Information Security Management Act, according to the IG.
The bureau's data-mining plans have come under fire from Congress, other government watchdogs and privacy rights advocates.
A Government Accountability Office report from last December noted that breaches of federal databases containing personally identifiable information have doubled from 2009 to 2012.
A Federal Register notice last April stated that the CFPB and a sister agency, the Federal Housing Finance Agency, expect to monitor 95 percent of all future mortgage transactions.
The IG report only provided a summary of potential deficiencies. IG reports touching on internet security are generally restricted to the public, according to John Manibusan, the IG’s assistant congressional and media liaison.
Responding to the IG’s findings, Rep. Sean Duffy said, “They’ve been so gung-ho about collecting American consumer information. They put that ahead of the security of that information in which they collect.
“Obviously, they don’t seem to care,” Duffy said. The Wisconsin Republican has been among CFPB's most vocal critics.
Rep. Randy Neugebauer, R-Texas, a member of the House Financial Services Committee, asked CFPB Director Richard Cordray in a congressional hearing last January whether he “could personally guarantee that the consumer information is 100 percent security.”
Cordray said no, but added that the bureau “attempts to safeguard any information we have about the American public.”
CFPB’s chief information officer told the IG’s office he “concurred” with the recommendations and has or would take action to addresses the weaknesses.