Senate Democrat leadership slammed Office of Personnel Management (OPM) Director Russell Vought on Monday for continuing efforts to dismantle the Consumer Financial Protection Bureau (CFPB), warning that those actions have put Americans’ data at risk.
A letter sent to Vought from five senators, led by Sens. Mark Warner, D-Va., and Elizabeth Warren, D-Mass., follows an Oct. 31 audit by CFBP’s Office of Inspector General (OIG) that found the bureau’s information security program decreased from a level-4 maturity to a level-2 maturity in fiscal year (FY) 2025, and failed to maintain authorizations to operate for many of its systems.
That OIG report pointed to a loss of contractor resources that support information security continuous monitoring (ISCM) and testing activities, as well as agency staff departures, as drivers of the security shortfall.
Many of the roles left empty by agency departures have “not been backfilled, nor are their roles and responsibilities being fully performed,” according to the OIG report.
“This outcome is unacceptable, entirely avoidable, and directly tied to some of your efforts to gut the agency: illegally firing CFPB employees and arbitrarily canceling agency contracts,” senators wrote in their letter.
Earlier this year, Vought made comments that he planned to “close down” CFPB and did not request funding from Congress for CFPB to perform its work through the end of FY 2025. Vought also posted to X in February that CFPB would no longer receive any additional funding because it was not “reasonably necessary” to perform its functions.
While an ongoing lawsuit has largely prevented the Trump administration from reorganizing the bureau, administration officials have said they do not plan to close CFPB and that “CFPB would remain open and continue to perform all functions required by law.”
However, Democrats in their letter cited court documents that showed nearly $200 million of CFPB’s $227 million total contracts have been terminated by the Trump administration, with only a small number of those being reinstated.
“These actions have real consequences for the American public–including, as evidenced by the CFPB OIG’s report, the ability of the agency to protect the sensitive personal information of American consumers and businesses,” the senators wrote.
While CFPB has taken some steps to address concerns in the OIG’s report, Democrats told Vought that “you have yet to take the most obvious step: reverse course on your illegal efforts to shutter the CFPB.”
Senators requested details from Vought by Dec. 8 on what CFPB contracts supported its cyber operations and ISCM activities, which contracts had been terminated, if any contracts were reinstated, and how contract terminations impacted CFPB’s ability to implement a robust information security program.