FEMA data breach may have affected 2.5 million people
Agency says it has yet to find indicators that survivor info has been compromised
SAN JUAN – The Federal Emergency Management Agency (FEMA), in coordination with the Department of Homeland Security Office of the Inspector General (DHS OIG), identified an incident involving the sharing of “sensitive, personally identifiable” information of disaster survivors using the Transitional Sheltering Assistance program.
In transferring disaster survivor information to a contractor, “FEMA provided more information than was necessary,” the agency said Friday.
“We believe this oversharing has impacted approximately 2.5 million disaster survivors,” a Homeland Security official who asked for anonymity to provide background information beyond the official FEMA statement, told the Washington Post.
“He said 1.8 million people had both their banking information and addresses revealed, and about 725,000 people had just their addresses shared,” the Post further said.
FEMA said “aggressive measures” have been taken since discovery of the issue “to correct this error,” and is no longer sharing “unnecessary data with the contractor,” for whose information system it “has conducted a detailed review.”
FEMA said it has yet to find any “indicators to suggest survivor data has been compromised,” and has worked with the unnamed contractor to “remove the unnecessary data from the system and updated its contract to ensure compliance with Department of Homeland Security (DHS) cybersecurity and information-sharing standards.”
The contracted staff was also “instructed” to complete additional DHS privacy training.
“FEMA’s goal remains protecting and strengthening the integrity, effectiveness, and security of our disaster programs that help people before, during, and after disasters,” a statement by FEMA Press Secretary Lizzie Litzow.