This morning, a spokesperson from the US Consumer Financial Protection Bureau (CFPB) emailed Gizmodo a Very Serious Statement™. They wanted us to include this Very Serious Statement™ in our blog post about the CFPB not giving a shit about the Equifax hack. And it’s so hilariously vague that it only supports the conclusion that the agency doesn’t care about holding Equifax accountable for losing the sensitive data of 145.5 million Americans.
Here’s the statement that Gizmodo received from the CFPB:
The Bureau has statutory authority over the collection and maintenance of consumer report information. Additionally, the Bureau is authorized to take supervisory and enforcement action against certain institutions engaged in unfair, deceptive, or abusive acts or practices, or that otherwise violate federal consumer financial laws. This includes acting in response to the failure of institutions to engage in reasonable data security practices in connection with the collection and maintenance of consumer report information. As noted previously, the Bureau is looking into Equifax’s data breach and response. Reports to the contrary are incorrect. The Bureau cannot comment further at this time.
Why is this statement so funny to us? The first three sentences just explain that the CFPB has the authority to protect consumers, which nobody was questioning. We want the agency to protect consumers and recognize that it has the “statutory authority” to do so. The first three sentences are boilerplate platitudes about CFPB activities that have nothing to do with the fact that the agency isn’t conducting a reasonably serious investigation.
What about the last three sentences of the six-sentence statement? That section explains that CFPB is “looking into Equifax,” but doesn’t actually contradict anything from yesterday’s news. The police can “look into” who broke into your home, but if they don’t question suspects and dig for clues, they’re not really looking into anything seriously. The last sentence also stressed that everything they’re doing is all very hush-hush at the moment.
On Monday, Reuters reported that the CFPB hasn’t ordered any subpoenas against Equifax and hasn’t demanded sworn testimony from any Equifax executives—two things that would be standard operating procedure for a regulatory agency that was serious about pursuing corporate negligence. And when the CFPB says that it’s “looking into Equifax’s data breach” that’s not good enough.
We responded to CFPB’s request that we publish their statement with some questions about why the agency isn’t doing more. We have yet to hear back, but will update this post if we do.
In the meantime we can just hope that Mick Mulvaney, Trump’s hand-picked minion to oversee the CFPB, doesn’t destroy the agency completely.
Update, 4:15pm: Gizmodo just received another email from CFPB with a quote from John Czwartacki, Senior Advisor to the Acting Director at CFPB and the former head of communications at Verizon from 2003 to 2012 (so you know he’s looking out for the little guy):
Acting Director Mulvaney takes data security issues very seriously. Under his direction, the CFPB is working with our partners across government on Equifax’s data breach and response. We are committed to enforcing the law. As policy, we do not confirm or deny enforcement or supervisory matters. Equifax has gone on the record recently and we would refer you to the statement in its SEC 10 Q filing in November.
So there you have it. You can rest easy because CFPB, an agency run by a Trump stooge like Mick Mulvaney who wants to kill the agency, assures us they’re on the case. Has the Trump regime ever lied to us before?