News & Opinion | March 25, 2019 11:30 am

Personal Data of 2.3 Million Disaster Victims Was Released by FEMA

The information belonged to victims of the California wildfires and Hurricanes Harvey, Irma and Maria.

FEMA data
U.S Army soldiers offload bottled water from a helicopter during FEMA recovery efforts four weeks after Hurricane Maria struck in Utuado, Puerto Rico. (Mario Tama/Getty Images)
Getty Images

The Federal Emergency Management Agency shared the sensitive, personal information of more than two million disaster victims with a contractor, subjecting that information to potential identity theft and fraud.

According to a government memo written by the Office of Inspector General of the Department of Homeland Security, FEMA unnecessarily handed out the data of survivors of the 2017 California wildfires and Hurricanes Harvey, Irma and Maria.

“Since discovery of this issue, FEMA has taken aggressive measures to correct this error,” the agency said in a statement. “FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system.”

FEMA said Friday it worked with the unidentified contractor “to scrub the unnecessary data from its computer networks,” The New York Times reported.

The memo —  which was dated March 15 but not released until this past Friday — revealed that 20 total fields, like details about the victims’ financial institutions, electronic funds transfer numbers and bank transit numbers were shared.

Each person helped by FEMA whose information was released was enrolled in a program called Transitional Sheltering Assistance, which provides hotels to people displaced by disasters. And, according to the memo, the contractor was aware that it was receiving this unnecessary information but didn’t alert the agency. If it had, FEMA “may have been able to remedy this situation earlier and avoid additional privacy incidents,” the memo said.

“Without corrective action, the disaster survivors involved in the privacy incident are at increased risk of identity theft and fraud,” the memo added.