The Federal Emergency Management Agency mishandled sensitive information of 2.3 million disaster victims, putting them at risk for identity theft, according to the Department of Homeland Security's Office of Inspector General.
The inspector general said the data belonged to survivors of hurricanes Harvey, Irma and Maria as well as the 2017 California wildfires, who had used FEMA’s Transitional Sheltering Assistance program. The information included addresses, bank names and other financial information.
The breach happened when the information was transferred to a contractor, whom FEMA didn’t name.
FEMA Press Secretary Lizzie Litzow on March 22 said FEMA has taken “aggressive measures” to correct the mistake, including conducting a review of the contractor’s information system.
The agency also no longer shares unnecessary data with the contractor, she said, and has updated its contract to ensure compliance with DHS cybersecurity and information-sharing standards.
FEMA hasn’t found any signs that survivor data has been misused, Litzow said.