On Tuesday the Consumer Financial Protection Bureau (CFPB) published a long anticipated proposed rule change around how data brokers handle peoples’ sensitive information, including their name and address, which would introduce increased limits on when brokers can distribute such data. Researchers have shown how foreign adversaries are able to easily purchase such information, and 404 Media previously revealed that this particular data supply chain is linked to multiple acts of violence inside the cybercriminal underground that has spilled over to victims in the general public too.
The proposed rule in part aims to tackle the distribution of credit header data. This is the personal information at the top of a credit report which doesn’t discuss the person’s actual lines of credit. But currently credit header data is distributed so widely, to so many different companies, that it ends up in the hands of people who use it maliciously.
The impact of the proposed rule change if it was to go into force won’t be clear until it actually happens, which potentially would not be until at least next year. And that might be up in the air: Elon Musk who is playing a key role in the transition to the forthcoming Trump administration and venture capitalist Marc Andreessen have both criticized the agency. But the proposed rule change still shows a significant effort by a U.S. government agency to wrangle the data broker industry.