FEMA Privacy Incident Discovered During Audit

FEMA Privacy Incident Discovered During Audit

The Department of Homeland Security’s Office of Inspector General discovered that FEMA overshared vital personal data with a contractor. Federal Agency Records Officers sent millions of letters to disaster survivors. Each notice informed about the FEMA privacy incident and the ways FEMA is rectifying the situation.

FEMA’s 2019 data breach

In the past, when disaster survivors were unable to return home, FEMA’s Transitional Sheltering Assistance program provided hotel accommodations. FEMA would collect and share survivor information with its contractor. This info included banking data to reimburse those affected by natural disasters directly.

The problem occurred because FEMA has not activated that version of the program since 2008. More recent versions reimburse hotels directly, making the displaced’s banking info unnecessary. Still, FEMA continued to share personally identifiable information (PII) with the contractor during other, more recent, events.

After an extensive review, FEMA determined that it overshared address information of 2.5 million individuals with the contractor. Additionally, 1.8 million of those individuals also had their banking information shared.

FEMA takes personal privacy very seriously

At this point, there is no evidence of compromised PII data. FEMA conducted a security assessment of the unnamed contractor’s computer system and deleted all previously-overshared PII. The contractor has cooperated with FEMA during the process.

In addition, FEMA changed its data-sharing operations. They vow to only share the minimum amount of data necessary for the TSA program to run. Those wanting to know more about the FEMA privacy incident may contact the office directly at 1-833-300-6934.

Achieva Life blogs and articles are intended to provide general information, thoughts, and articles in regards to the topics covered therein. Achieva Life is provided with the intent and understanding that Achieva Credit Union is not engaged in the act of rendering financial, consulting, medical, technological, legal, accounting or any other professional advice. The information provided within Achieva Life is not intended nor should be used as a substitute for medical, legal, or other professional advice or other expert opinions. Achieva Credit Union is not responsible for the accuracy of the information on Achieva Life and makes no representation regarding the accuracy of the content. Achieva Credit Union reserves the right to delete or block any comments. The content and comments on Achieva Life do not necessarily reflect the views of Achieva Credit Union.