https://www.law.cornell.edu/uscode/text/18/1030
(a)Whoever—
(2)intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
(A)
information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n)?[1] of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
shall be punished as provided in subsection (c) of this section.
(c)The punishment for an offense under subsection (a) or (b) of this section is—