On September 25, 2020, the U.S. Consumer Product Safety Commission Office of Inspector General released its data breach investigation report regarding an April 2019 CPSC data breach in which restricted business information and personally identifiable information regarding approximately 10,900 manufacturers and 30,000 consumers was accidentally released by CPSC Clearinghouse employees in email communications to approximately 556 individuals.
The OIG, in connection with independent forensic auditors, concluded that the data breach resulted from a combination of mismanagement and incompetence surrounding the CPSC’s Clearinghouse – the function and individuals, rather than a formal office, that process information requests – including a lack of “supervision, document policies and procedures, and training for non-supervisory and first level supervisory Clearinghouse employees.”
