A data breach has occurred within the Federal Emergency Management Agency (FEMA), resulting in the private data of nearly three million disaster victims being shared with an unnamed contractor.
The shared information includes home addresses, social security numbers and banking information for victims of U.S.-based disasters such as hurricanes Irma, Harvey and Maria in 2017 that utilized the organization’s Transitional Sheltering Assistance program, which seeks to aid and relocate individuals following a natural disaster.
FEMA press secretary Lizzie Litzow explains in a statement that the organization “provided more information than was necessary” to the contractor, and that FEMA has taken “aggressive measures to correct this error.”
FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system.
At the time of writing, it us unknown if the data breach has led to larger problems for victims such as identity theft or fraud. The Office of the Inspector General, which issued a report detailing the breach, is working with FEMA to ensure its employees receive additional security and privacy training from the Department of Homeland Security (DHS). A data filter has also been installed to ensure remaining information does not leave FEMA’s networks.
FEMA has contacted security experts to conduct on-site checks. It has also installed additional controls to measure how wide and deep the breach goes. It warns that while a permanent fix is the main goal, it may not arrive until the year 2020.
Litzow says the organization is working with the contractor to ensure private user data is immediately deleted:
FEMA has worked with the contractor to remove unnecessary data from the system and updated its contract to ensure compliance with Department of Homeland Security cybersecurity and information-sharing standards. FEMA’s goal remains protecting and strengthening the integrity, effectiveness and security of our disaster programs that help people before, during and after disasters.
Several politicians and government officials have expressed their frustration with FEMA’s handling of the data. Bennie Thompson – Mississippi representative and chairman of the House Homeland Security Committee – says:
This is unacceptable, and FEMA must demonstrate it will do better in the future. Safeguarding the information of Americans already suffering from a disaster should be of the utmost importance.
Last modified: July 2, 2020 8:28 PM UTC