
FEMA Data Breach Exposes Private Data of Nearly 3 Million Individuals

Last Updated September 28, 2020 2:56 PM
Nick Marinoff

A data breach has occurred within the Federal Emergency Management Agency (FEMA), resulting in the private data of nearly three million disaster victims being shared with an unnamed contractor.

Who’s at Risk?

The shared information includes home addresses, Social Security numbers, and banking information for victims of U.S.-based disasters, such as Hurricanes Irma, Harvey and Maria in 2017, who used the organization’s Transitional Sheltering Assistance program, which seeks to aid and relocate individuals following a natural disaster.


FEMA press secretary Lizzie Litzow explains in a statement that the organization “provided more information than was necessary” to the contractor and that FEMA has taken “aggressive measures to correct this error.”

Desperate Measures Are Called For

She claims:

“FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system.”

At the time of writing, it is unknown if the data breach has led to larger problems for victims such as identity theft or fraud. The Office of the Inspector General, which issued a report detailing the breach, is working with FEMA to ensure its employees receive additional security and privacy training from the Department of Homeland Security (DHS). A data filter has also been installed to ensure the remaining information does not leave FEMA’s networks.

FEMA says it’s working on a permanent fix of the data breach, but that it may not arrive until the year 2020. | Source: Shutterstock

FEMA has contracted security experts to conduct on-site checks. It has also installed additional controls to measure how wide and deep the breach goes. It warns that while a permanent fix is the main goal, it may not arrive until the year 2020.

Litzow says the organization is working with the contractor to ensure private user data is immediately deleted:

“FEMA has worked with the contractor to remove unnecessary data from the system and updated its contract to ensure compliance with Department of Homeland Security cybersecurity and information-sharing standards. FEMA’s goal remains protecting and strengthening the integrity, effectiveness and security of our disaster programs that help people before, during and after disasters.”

The Anger Grows

Several politicians and government officials have expressed their frustration with FEMA’s handling of the data. Bennie Thompson – Mississippi representative and chairman of the House Homeland Security Committee – says:

“This is unacceptable, and FEMA must demonstrate it will do better in the future. Safeguarding the information of Americans already suffering from a disaster should be of the utmost importance.”