This week, the Consumer Financial Protection Bureau (CFPB) found itself at the center of Capitol Hill scrutiny for the way it gathers highly sensitive consumer information on millions of Americans.

The Financial Services Oversight and Investigations Subcommittee held a hearing Wednesday to examine the CFPB’s data collection efforts and the potential dangers it poses to consumers’ privacy and financial safety.

“Whether it’s the public or private sector, vast collections of personal consumer data are a prime target for cyberattacks,” said Subcommittee Chairman Sean Duffy (R-WI) during Wednesday’s hearing. “Aside from the fact that the CFPB does not need to be collecting this vast amount of information to carry out its regulatory mission, it’s troubling that it has not taken more appropriate steps to secure this data.”

The CFPB’s data collection efforts have stirred causes for concern among lawmakers when, last year, CFPB Director Richard Cordray said before the Oversight and Investigations Subcommittee that he could not rule out the potential for a data brach at the Bureau. Furthermore, lawmakers like Duffy have also raised concerns regarding a lack of transparency that Americans have into the CFPB’s data collection.

“We don’t know—and the American people don’t know—how much personally identifiable information the CFPB retains, how that data is protected and what the Bureau plans to do with all that data,” Duffy said.

A report from the Government Accountability Office (GAO) also highlighted serious concerns about the privacy and security of the consumers whose data are being collected by the CFPB.

The data collection efforts are massive, according to the report, which found that as of September 2014, just one of the CFPB’s 12 mass data collections had already collected information on 173 loans. Additionally, the report indicated that the CFPB has also collected information on 87% of the credit card market.

The CFPB collects account-level and transaction-level data that captures multiple aspects of consumers’ financial lives, such as information about credit cards and checking accounts.

GAO also raised concerns about the CFPB’s data security program, saying that it has “multiple troubling weaknesses” and rating the Bureau’s Information Security Continuous Monitoring program at Level 1 out of 5.

Witnesses during Wednesday’s hearing, like Dr. Mark Calabria, director of Financial Regulation Studies at the Cato Institute, argued that the CFPB’s data collection activities run afoul of Fourth Amendment protections and are in no way necessary for the agency to achieve its federal mission.

“Such could be accomplished in a manner that does not offend the Fourth Amendment, while also allowing the CFPB to fulfill its consumer protection responsibilities,” Calabria said.

Former House Speaker Newt Gingrich, who also testified, likened the CFPB to the National Security Agency.

“The CFPB is prohibited in Section 1022 of Dodd-Frank from collecting personally identifiable information on Americans, but the Bureau is doing so anyway,” he said. “And it is doing so at a massive scale that rivals the NSA’s most controversial collection programs, but for much less compelling reasons.”

Written by Jason Oliva