US agency shared “unnecessary” information with contractor
A data breach at the US Federal Emergency Management Agency (FEMA) exposed the personal details of 2.3 million disaster survivors to a contractor, according to a new report.
The breach was discovered during an audit of the disaster relief agency’s Transitional Sheltering Assistant program, the Department of Homeland Security’s (DHS) Office of Inspector General revealed.
Victims included survivors of the 2017 California wildfires, as well as hurricanes Harvey, Irma, and Maria.
Exposed information is believed to include home addresses, Social Security numbers, and bank account information, which was supplied to FEMA by US citizens looking to access temporary housing.
FEMA press secretary Lizzie Litzow said in a statement that the agency had transferred an “unnecessary” amount of information to an unnamed contractor.
She added: “In transferring disaster survivor information to a contractor, FEMA provided more information than was necessary.
“Since discovery of this issue, FEMA has taken aggressive measures to correct this error.
“FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system.”
If a malicious party gained access to the exposed details, the disaster victims could be vulnerable to identity fraud.
However, Litzow stressed that there was no indication that this data has been compromised.
She added: “To date, FEMA has found no indicators to suggest survivor data has been compromised. FEMA has also worked with the contractor to remove the unnecessary data from the system and updated its contract to ensure compliance with Department of Homeland Security cybersecurity and information-sharing standards.
“As an added measure, FEMA instructed contracted staff to complete additional DHS privacy training.”