The employee, who no longer works at the CFPB, made an unauthorized transfer of records containing personal information on approximately 256,000 consumers at one institution, as well as confidential supervisory information on 45 institutions, a CFPB spokesman said. There is no evidence the records were shared beyond the former employee’s personal email account, the spokesman said.

While most of the personal information was tied to consumers at one institution, the emails included information on consumers from seven firms, the CFPB spokesman said. The CFPB hasn’t publicly identified the firms involved in the breach or the former employee who made the transfers.

[The country’s in the best of hands. Remind us again why the CFPB exists. As I recall the argument a decade or more ago, it was to, um … protect consumers, right? Maybe we should protect consumers by getting rid of bureaucrats that access our data at whim. — Ed]