The Department of Homeland Security’s Office of Inspector General discovered that FEMA overshared vital personal data with a contractor. Federal Agency Records Officers sent millions of letters to disaster survivors. Each notice informed about the FEMA privacy incident and the ways FEMA is rectifying the situation.
FEMA’s 2019 data breach
In the past, when disaster survivors were unable to return home, FEMA’s Transitional Sheltering Assistance program provided hotel accommodations. FEMA would collect and share survivor information with its contractor. This info included banking data to reimburse those affected by natural disasters directly.
The problem occurred because FEMA has not activated that version of the program since 2008. More recent versions reimburse hotels directly, making the displaced’s banking info unnecessary. Still, FEMA continued to share personally identifiable information (PII) with the contractor during other, more recent, events.
After an extensive review, FEMA determined that it overshared address information of 2.5 million individuals with the contractor. Additionally, 1.8 million of those individuals also had their banking information shared.
FEMA takes personal privacy very seriously
At this point, there is no evidence of compromised PII data. FEMA conducted a security assessment of the unnamed contractor’s computer system and deleted all previously-overshared PII. The contractor has cooperated with FEMA during the process.
In addition, FEMA changed its data-sharing operations. They vow to only share the minimum amount of data necessary for the TSA program to run. Those wanting to know more about the FEMA privacy incident may contact the office directly at 1-833-300-6934.