Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Watchdog: FEMA Wrongly Released Personal Data of Victims

The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported Friday.

The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported Friday.

The Homeland Security Department’s Office of Inspector General found the breach occurred when FEMA was working with a contractor that helps provide temporary housing to those affected by disasters. FEMA is one of Homeland Security’s many agencies; the sprawling 240,000-person department also includes immigration enforcement, and the U.S. Secret Service.

FEMA officials said that since the discovery of the issue, the agency was no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system and has found no indication to suggest data has been compromised.

The agency said in a statement it is working with the contractor to remove the data from its system and has instructed staff to complete additional privacy training.

“FEMA’s goal remains protecting and strengthening the integrity, effectiveness, and security of our disaster programs that help people before, during, and after disasters,” FEMA Press Secretary Lizzie Litzow said in a statement.

Some information, like names, last four digits of a Social Security number and how many people live in a household are required to confirm eligibility and locate housing for victims. But FEMA also provided the contractor with bank names electronic funds transfer numbers and bank transit numbers that were not required by the contractor.

The 2.3 million people lived through California wildfires and Hurricanes Harvey, Irma and Maria.

The watchdog said that FEMA violated both federal privacy laws and also Homeland Security policy by giving the extra data to the contractor, whose name was redacted in the report made public Friday.

Advertisement. Scroll to continue reading.

The contractor also knew that FEMA was providing too much personal data but didn’t inform the disaster relief agency.

The 2017 hurricane season was particularly brutal. Harvey slammed ashore in Texas on Aug. 25, 2017, as a powerful Category 4 storm. It killed 68 people and deluged much of the Houston metropolitan area — home to more than 6 million people — with 3 to 4 feet of water. Flooding damaged more than 300,000 structures and caused an estimated $125 billion in damage, according to a report from the National Hurricane Center . Irma struck Florida Sept. 10 and battered Georgia and North Carolina, killing 129 and devastating the Florida Keys. Maria made landfall Sept. 20, devastating Puerto Rico and plunging much of the island into darkness for months after, causing major damage and leaving nearly 3,000 people dead.

Wildfires in California in 2017 burned some 1.2 million acres of land, destroyed more than 10,800 structures and killed at least 46, and insurance claims topped $3.3 billion.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.