November 24, 2025

Warner, Kim, Warren, Cortez Masto, Gallego Raise Concern About CFPB's Exposing Private Data of Americans Amidst Illegal Efforts to Shutter the Agency

“These actions have real consequences for the American public — including, as evidenced by the CFPB OIG’s report, the ability of the agency to protect the sensitive personal information of American consumers and businesses.”

Text of Leter (PDF)

Washington, D.C. – U.S. Senators Mark Warner (D-VA), Elizabeth Warren (D-Mass.), Ranking Member of the Senate Banking, Housing, and Urban Affairs Committee, Andy Kim (D-NJ), Catherine Cortez Masto (D-NV), Ranking Member of the Subcommittee on Financial Institutions and Consumer Protection, and Ruben Gallego (D-AZ), sent a letter to Consumer Financial Protection Bureau (CFPB) Acting Director Russell Vought requesting information on CFPB’s information security practices and calling for him to halt his illegal efforts to shutter the agency. The Senators’ letter follows a recent CFPB Office of Inspector General (OIG) report regarding a troubling decline in the CFPB’s information security practices.

“Specifically, the OIG identified a precipitous decline in the agency’s information security program in the past year,’” wrote the Democratic Senators. “Concerningly, the OIG also found that ‘the CFPB’s overall information security program is not effective.’”

The Senators continued: “The CFPB OIG identified staff departures and reduced contractor capacity as a key reason for this downgrade…. (O)ne cybersecurity program, for example, ‘has been placed on hold as the agency’s chief risk officer and other individuals … left the agency in March 2025.’ Their positions ‘have not been backfilled, nor are their roles and responsibilities being fully performed.’”

They highlighted how the Administration’s efforts to gut the CFPB have put Americans’ sensitive personal information at risk: “This outcome is unacceptable, entirely avoidable, and directly tied to some of your efforts to gut the agency: illegally firing CFPB employees and arbitrarily canceling agency contracts …. These actions have real consequences for the American public — including, as evidenced by the CFPB OIG’s report, the ability of the agency to protect the sensitive personal information of American consumers and businesses.”

The Senators concluded by calling for Vought to reverse course on shutting down the CFPB and to provide answers to their questions on the CFPB’s information security practices no later than December 8, 2025.

###