Watchdog Dings CFPB for Website Security ‘Deficiencies’

Despite steps to improve it, the Consumer Financial Protection Bureau’s website has several “control deficiencies” that must be “mitigated to protect the website from compromise,” according to a report today from the Federal Reserve’s independent inspector general, which audits CFPB activity.

“Those deficiencies have to do with configuration management, system and information integrity, and contingency planning,” the report said. “If not addressed, these deficiencies could adversely affect the confidentiality, integrity, and availability of and the information it contains.” The CFPB website includes its consumer complaint portal; the American Bankers Association has long noted that the bureau’s approach to posting complaints could compromise consumer information.

The IG provided eight recommendations to improve the security of the website, which were redacted for security reasons. The report noted several other risks related to the CFPB’s website, but said it did not issue recommendations because the bureau is in the process of addressing those.