FEMA mistakenly shared personal data of 2.3 million natural disaster survivors
Mar. 23–It was not an act of God, but it was a disaster.
FEMA inadvertently exposed the private data of millions of natural disaster survivors, including their bank account information and addresses, the Department of Homeland Security’s Office of Inspector General said in a new report.
Victims of the breach, who are all at “increased risk of identity theft and fraud,” include those impacted in the 2017 California wildfires as well as survivors of Hurricanes Irma, Harvey and Maria.
According to the report, which was made public Friday, FEMA unlawfully disclosed the personal information of 2.3 million people to a federal contractor helping them to find temporary housing. The unidentified contractor was privy to “20 unnecessary data fields,” including bank transit and electronic funds transfer numbers.
FEMA spokeswoman Lizzie Litzow in a statement said the agency had no evidence suggesting the personal information was compromised, acknowledging however that there was an “oversharing of information with a contracted vendor.”
The federal agency, which has already faced significant criticisms for its response to the devastating hurricane season, said it has since taken “aggressive measures” to prevent the further sharing of private information.
“FEMA has also worked with the contractor to remove unnecessary data from the system and updated its contract to ensure compliance with Department of Homeland Security cybersecurity and information-sharing standards,” Litzow said, noting that contracted staff were also required to go through additional privacy training.
“FEMA’s goal remains protecting and strengthening the integrity, effectiveness, and security of our disaster programs that help people before, during and after disasters.”
FEMA said it is filtering data to avoid a repeat of the breach, but said a permanent fix may not be ready until 2020. ___
This article is written by Jessica Schladebeck from New York Daily News and was legally licensed via the Tribune Content Agency through the NewsCred publisher network. Please direct all licensing questions to firstname.lastname@example.org.