The Federal Emergency Management Agency (FEMA), a division of Homeland Security in the U.S., improperly shared the personal data of some 2.3 million victims from four major 2017 disasters to a private contractor.
Proper safeguards were not taken for disaster victims who participated in FEMA's program to provide transitional shelter to survivors left homeless, often placing them in hotels and other temporary lodging arrangements. Information compromised included full names, birth dates, partial social security numbers, addresses and financial information, including applicants' bank transfer details. Of the information that was disclosed, bank data might have been the most damaging. This put them at risk of identity theft and fraud. The victims affected include survivors of Hurricanes Harvey, Irma and Maria and the 2017 California wildfires. The disclosure came just as rebuilding disasters in Florida and California continues. The report was publicly released Friday.
FEMA in action
FEMA Associate Administrator Joel Doolin acknowledged the breach and said the agency "has taken aggressive action to mitigate the issues raised within this report." FEMA said it began filtering the data in December 2018 to prevent the information from being shared, but a more permanent fix may not be finalized until June 2020.