FEMA data breach exposes personal data of 2.3 million survivors to contractor

A government watchdog has found the Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of hurricanes Harvey, Irma and Maria and the California wildfires in 2017.

Homeland Security Department’s Office of Inspector General found the breach occurred when FEMA was working with a contractor that helps provide temporary housing to those affected by disasters under the Transitional Sheltering Assistance program.

Some information, like names, last four digits of a Social Security number are required to confirm eligibility. But FEMA also provided the contractor bank names, electronic funds transfer numbers and bank transit numbers, which the agency said  in a news release that it was “more information than was necessary.”

The watchdog says the victims could be vulnerable to identity theft, although FEMA announced that it “has found no indicators to suggest survivor data has been compromised.”

Officials say they have taken “aggressive measures” the correct the error. They are changing how they deliver information to avoid giving too much information and it will be completed by 2020.

“FEMA’s goal remains protecting and strengthening the integrity, effectiveness, and security of our disaster programs that help people before, during, and after disasters,” FEMA Press Secretary Lizzie Litzow said in a statement.

---

The Associated Press contributed to this report.