From:
To:
Subject:
Date:

Mulvaney, Mick (CFPB)
_DL_CFPB_AllHands
Data collection to resume
Thursday, May 31, 2018 9:38:30 AM

All:
When I first arrived at the Bureau, I was concerned that the information the Bureau collects about
consumers could fall prey to hackers or other actors. So, out of an abundance of caution and a desire
to protect Americans’ privacy, I placed a hold on the collection of personally identifiable information
and other sensitive data.
Today, after an exhaustive review by outside experts, including a comprehensive “white-hat
hacking” effort, we can lift that hold. The independent review concluded that “externally facing
Bureau systems appear to be well-secured.” Recommendations they made to further enhance
security measures are being addressed now. For instance, during the white-hat exercise, some
people opened emails which, had they been sent by someone other than the outside experts, could
have contained a virus or served to help capture sensitive data. Therefore, we will step up our
employee and contractor training on how to detect and deal with suspicious emails.
Those of you involved with data collection can expect to hear shortly from your division or office
leadership. They will have guidance to share about how to resume collecting information and what
to tell financial institutions or other external organizations about my decision.
This process has been an important exercise in holding ourselves to the same high standards to
which we hold the entities we oversee. I appreciate your patience and all of the hard work involved
in making sure we are good stewards of such sensitive information.
Thanks,
Mick M.
Acting Director