Vought, who also serves as director of the White House Office of Management and Budget, received a letter on Monday from the Financial Technology Association (FTA) calling for the rule to be withdrawn, claiming it exceed the agency’s statutory mandate and would be “harmful to financial institutions’ efforts to detect and prevent fraud.” The FTA is a US-based trade organization that represents the interests of fintech companies and their executives.
Privacy advocates have long pressed regulators to use the Fair Credit Reporting Act to crack down on the data broker industry. Common Defense, a veteran-led nonprofit, urged the CFPB to take action in November, blaming data brokers for recklessly exposing sensitive information about US service members that placed them at “substantial risk” of being blackmailed, scammed, or targeted by hostile foreign actors.
A 2023 study cited by the group—funded by the US Military Academy at West Point—concluded that the current data broker ecosystem is a threat to US national security, permitting the sale of sensitive personal data that can be used not only to identify service members and “other politically sensitive targets,” but also to offer details about medical conditions, financial problems, and political and religious beliefs. “Foreign and malign actors with access to these datasets could uncover information about high-level targets, such as military service members, that could be used for coercion, reputational damage, and blackmail,” the authors report.
Common Defense political director Naveed Shah, an Iraq War veteran, condemned the move to spike the proposed changes, accusing Vought of putting the profits of data brokers before the safety of millions of service members. “For the sake of military families and our national security, the administration must reverse course and ensure that these critical privacy protections are enacted,” Shah says.
Investigations by WIRED have shown that data brokers have collected and made cheaply available information that can be used to reliably track the locations of American military and intelligence personnel overseas, including in and around sensitive installations where US nuclear weapons are reportedly stored.
WIRED reported in February that US data brokers were using Google’s ad-tech tools to sell access to information about devices linked to military service members and national security decisionmakers, as well as federal contractors that manufacture and export classified defense-related technologies. Experts say it proves trivial for foreign adversaries to de-anonymize the data.
“Data brokers inflict severe harm on individuals by degrading privacy, threatening national security, enabling scams and fraud, endangering public officials and survivors of domestic violence, and putting immigrant populations at risk,” says Caroline Kraczon, a law fellow at the Electronic Privacy Information Center whose focus is consumer protection.
“The CFPB had a critical opportunity to address these harms by clarifying that data brokers must follow the Fair Credit Reporting Act,” adds Kraczon. “This withdrawal is deeply disappointing and another attack in the administration’s war against consumers on behalf of corporate interests.”
Last month, more than 1,400 CFPB employees had their positions at the agency terminated, leaving the agency with a staff of around 300 people. Elon Musk, whose so-called Department of Government Efficiency (DOGE) has spearheaded the White House’s efforts to radically restructure the federal government by slashing the size of its workforce, last November called on President Donald Trump to “delete” the CFPB, whose job includes shielding Americans from predatory lending practices.
Update 10 am ET, May 15, 2025: Clarified the types of companies represented by the Financial Technology Association.
