WASHINGTON–Five Democrats on the Senate Banking Committee are demanding answers from the Consumer Financial Protection Bureau in the wake of a report that found revealed increasingly ineffective cybersecurity at the agency linked to staff cuts and reduced contractor support.
In a letter sent Monday to CFPB Acting Director Russell Vought and first reported by FedScoop, Democratic Sens. Elizabeth Warren of Massachusetts, Mark Warner of Virginia, Andy Kim of New Jersey, Ruben Gallego of Arizona and Catherine Cortez Masto of Nevada were critical of Vought over the findings from an October Federal Reserve Office of Inspector General report.
In the report, the Office of the Inspector General (OIG) tied the Trump administration’s ongoing teardown of the agency to its inability to “maintain an effective level of awareness of security vulnerabilities in its environment.”
That outcome, the lawmakers told Vought, is “unacceptable, entirely avoidable, and directly tied to some of your efforts to gut the agency: illegally firing CFPB employees and arbitrarily canceling agency contracts,” according to FedScoop.
‘Gone Out of Its Way to Harm’
Warren, the ranking member of the Senate Banking Committee and architect of the CFPB in the aftermath of the 2008 financial crisis, and the other signatories said the Trump administration “has gone out of its way to harm, rather than protect, American consumers served by the CFPB.”
They cited as an example many of the actions the CU Daily has reported, including stop-work orders, plans to close the CFPB’s headquarters, and the elimination of the Bureau’s staff.
That combination, per the OIG, led to the agency’s overall information security program dropping “from a level-4 maturity (managed and measurable) to a level-2 maturity (defined) in fiscal year 2025” — meaning CFPB’s cybersecurity “is not effective,” FedScoop reported.
‘Sensitive Data’ Cited
“The agency maintains systems that house sensitive data, including personally identifiable information from complaints submitted by consumers across the country,” the letter states. “We write to request information regarding your failure to protect the American public and once again demand that you halt your efforts to shutter the agency.”
As the CU Daily has also reported, the Trump administration said in a court filing earlier this month that the CFPB’s funding, which comes from the Fed, is unlawful and is on track to run out of money early next year.
Despite that status, the lawmakers also want Vought to explain how the decision to end cybersecurity contracts impacted the agency’s “ability to implement a robust information security program.”
