On November 3, the House Financial Services Subcommittee on Consumer Protection and Financial Institutions held a hearing titled “Cyber Threats, Consumer Data, and the Financial System.” The hearing examined cybersecurity and consumer data protection challenges for financial institutions, discussed agencies efforts to strengthen cyber defenses for financial institutions, and reviewed the current legal framework governing data security. According to a committee memorandum, cyberattacks on banks are increasing in number. In the first half of 2021, banks and credit unions saw a 1,318 percent increase in ransomware attacks. In written testimony, one of the witnesses expressed his concern regarding the technological disparity between minority depository institutions (MDI) and large banks, observing that “cultural shifts inside the financial services industry, including the core processors and regulators, are necessary to help MDIs better orient themselves to meet new customer demands.” Another witness discussed in his written testimony support for the NCUA to obtain data security and privacy authority over third-party vendors, which is an authority currently given to other federal agencies. Among other things, the hearing addressed several bills on cybersecurity and consumer protection: (i) Safeguarding Non-bank Consumer Information Act; (ii) Strengthening Cybersecurity for the Financial Sector; and (iii) Enhancing Cybersecurity of Nationwide Consumer Reporting Agencies Act. Specifically, one of the witnesses in his written testimony recommended that Congress revise the definition of “data aggregators” in the Safeguarding Non-bank Consumer Information Act to ensure that it covers non-financial institution entities and individuals.