FEMA leaks sensitive details of 2.3 million disaster survivors

Unprotected FEMA database leaks data

The Department of Homeland Security’s Office of the Inspector General has released a report revealing that FEMA (Federal Emergency Management Agency) couldn’t protect the private and confidential information of about 2.3 million hurricane survivors.

In 2017, residents of Harvey, Maria, Irma, and California wildfires and hurricanes were offered Transitional Sheltering Assistance (TSA), which is a disaster management support program to provide aid and shelter to disaster survivors. Reportedly, FEMA could not secure the information of survivors and they are now vulnerable to identity theft and fraud.

See: Polar fitness app exposed location data of users in military & airbases

According to the DHS Inspector General , FEMA disclosed the private data of 2.3 million survivors unlawfully to a federal contractor to find a temporary housing solution for the victims.

The exposed data includes critically important personal information including:

  • Applicant First Name
    Applicant Middle Name
    Applicant Last Name
    Applicant Date of Birth
    Disaster Number
    Authorization for TSA
    Eligibility Start Date
    Eligibility End Date
    Global Name
    Export Sequence Number
    FEMA Registration Number
    Number of Occupants in Applicants Household
    Last 4 digits of Applicant’s Social Security Number

Furthermore, FEMA collected unnecessary data as well such as bank transit number; electronic funds transfer number, and street address of the applicant. A total of 20 unnecessary fields were included in the registration process, and the information was later shared with an unidentified housing contractor.

  • Applicant Street Address
    Applicant City Name
    Applicant Zip Code
    Applicant’s Bank Transit Number
    Applicant’s Financial Institution Name
    Applicant’s Electronic Funds Transfer Number

As per FEMA, data filtering was initiated last year in December and they did try their best to protect the data but a permanent solution can only be rolled out by June 2020. It was also stated that FEMA is taking “aggressive measures” for countering the issue and fix the error and has stopped sharing data with the contractor along with inspecting the information system of the contractor.

See: Trove of private military contractor job applicants exposed online

There is so far no indication of the data being compromised, but the contractors are being provided with advanced privacy training.

The revelation from the DHS Office of the Inspector General was published in an advisory titled “Management Alert – FEMA Did Not Safeguard Disaster Survivors’ Sensitive Personally Identifiable Information.”

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts