Particle.news

Watchdog Says CFPB Cybersecurity Program Is Not Effective After Sharp Maturity Drop

An OIG audit attributes the decline to canceled contracts, staff departures, and lapsed system authorizations.

Overview

  • The bureau’s security maturity fell from level 4 in fiscal 2024 to level 2 in 2025, the audit concluded.
  • Auditors identified 35 systems operating with expired or missing authorizations to operate or use, undermining assurance on controls.
  • Following White House actions that halted bureau activity and brought in outside reviewers, canceled task orders and personnel losses cut continuous monitoring and testing capacity.
  • The report cites continued reliance on end‑of‑life software and the lack of organization‑level cybersecurity risk profiles.
  • CFPB management accepted all six recommendations, while CIO Christopher Chilbert disputed the severity and noted no major PII breaches in 2025.