The Federal Emergency Management Agency shared the sensitive, personal information of more than two million disaster victims with a contractor, subjecting that information to potential identity theft and fraud.
According to a government memo written by the Office of Inspector General of the Department of Homeland Security, FEMA unnecessarily handed out the data of survivors of the 2017 California wildfires and Hurricanes Harvey, Irma and Maria.
“Since discovery of this issue, FEMA has taken aggressive measures to correct this error,” the agency said in a statement. “FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system.”
FEMA said Friday it worked with the unidentified contractor “to scrub the unnecessary data from its computer networks,” The New York Times reported.
The memo — which was dated March 15 but not released until this past Friday — revealed that 20 total fields, like details about the victims’ financial institutions, electronic funds transfer numbers and bank transit numbers were shared.
Each person helped by FEMA whose information was released was enrolled in a program called Transitional Sheltering Assistance, which provides hotels to people displaced by disasters. And, according to the memo, the contractor was aware that it was receiving this unnecessary information but didn’t alert the agency. If it had, FEMA “may have been able to remedy this situation earlier and avoid additional privacy incidents,” the memo said.
“Without corrective action, the disaster survivors involved in the privacy incident are at increased risk of identity theft and fraud,” the memo added.
Thanks for reading InsideHook. Sign up for our daily newsletter and be in the know.
