Fed inspector general reports CFPB cybersecurity is lacking

A recent audit by the Federal Reserve Office of Inspector General found that the Consumer Financial Protection Bureau’s cybersecurity practices have weakened in recent months, worsened by staff and contractor shortages.

The CFPB’s systems, which store sensitive consumer and financial institution data—including Social Security numbers and confidential supervisory information—saw a decline in security controls in fiscal year 2025. The OIG report noted that many systems lacked current authorizations to operate, risk acceptance memorandums were used without documented cybersecurity analyses, and reduced contractor and agency staffing hampered continuous monitoring and testing efforts.

See the full audit report here.