The CFPB knew about a massive 250,000-person data breach for weeks before it was made public.

This week, news broke that an employee at the Consumer Financial Protection Bureau forwarded the confidential records of about 256,000 consumers to their personal email, a massive data breach. The employee, who is no longer employed by the CFPB, also transferred confidential supervisory information on 45 institutions, the Wall Street Journal reported on Wednesday.

CREDIT CARD LATE FEES CAPPED AT $8 IN PROPOSED RULE FROM CFPB

The Washington Examiner confirmed that the CFPB, which was created by the 2010 Dodd-Frank financial reform law, first found out about the breach in mid-February. CFPB staff notified select lawmakers last month that they learned of the breach on Feb. 14 in an email describing the situation as a “major incident.”

“The CFPB takes data privacy very seriously, and this unauthorized transfer of personal and confidential data is completely unacceptable,” a CFPB spokesperson said in a statement. “All CFPB employees are trained in their obligations under Bureau regulations and Federal law to safeguard confidential or personal information. We have referred the matter to the Office of the Inspector General, and we are taking appropriate action to address this incident.”

In the statement, shared with the Washington Examiner, the spokesperson said that the employee had authorized access to the documents in the course of their work. The documents included two spreadsheets that contained names and transaction-specific account numbers of the tens of thousands of customer accounts at a single institution.

“The numbers are used internally by the institution, are not the consumers’ bank account numbers, and cannot be used to gain access to a consumer’s account. These two spreadsheets contained the vast majority of the impacted PII,” the spokesperson said, referring to personally identifiable information.

The agency said that, in total, the information in question includes personally identifiable information of customers at seven institutions.

While an investigation into the breach is ongoing, the CFPB said there is no evidence that the confidential information was spread beyond the now-former employee’s personal email account.

“The CFPB has directed the former employee to delete the emails from their personal account, certify that each email was deleted, and provide attestation once those actions were completed. The former employee has not complied with this demand,” the spokesperson said.

Congressional Republicans were quick to seize on the breach and are asking for more information about the breach from the agency’s director, Rohit Chopra.

“This breach raises concerns with how the CFPB safeguards consumers’ personally identifiable information,” House Financial Services Committee Chairman Patrick McHenry (R-NC) said. “The Committee is requesting that Director Chopra provide a briefing and the details of their internal investigation into why and how this happened. Republicans will ensure any bad actors are held accountable.”

Sen. Tim Scott (R-SC), who is the Republican leader on the Senate Banking Committee, called the breach an “egregious lack of oversight.” He contends that Chopra is seeking to collect more consumer data in order to churn out “progressive regulations.”

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

“Why should the CFPB be trusted to collect more data, burdening financial institutions and potentially limiting services for consumers, when they themselves have demonstrated an irresponsible handling of consumer’s financial information. This is particularly concerning in the face of the failures of SVB and Signature Bank. Our regulators and agencies need to take responsibility for their failures and must be held accountable,” Scott said in a statement.

The Washington Examiner reached out to the CFPB about why knowledge of the leak is just becoming public.