The Federal Emergency Management Agency (FEMA) inappropriately shared the personal information of more than 2 million survivors of hurricanes Harvey, Irma, and Maria and the California wildfires in 2017.
The agency said it “provided more information than was necessary” while transferring survivor information to a third-party contractor that helps provide temporary housing to people affected by disasters under the Transitional Sheltering Assistance program.
“We believe this oversharing has impacted approximately 2.5 million disaster survivors,” an unnamed Department of Homeland Security official told the Washington Post.
Vulnerable to identity theft and fraud
The error was recently discovered by the Department of Homeland Security’s Office of Inspector General and detailed in a report dated March 15. Individuals who had personal data shared could be vulnerable to identity theft and fraud, the Inspector General report said.
However, FEMA has said that it’s “found no indicators to suggest survivor data has been compromised” and that it has taken “aggressive measures” to correct the error.
“FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” FEMA Press Secretary Lizzie Litzow said in a statement.
The name of the contractor who wrongly received the information hasn’t been released, but the agency said it "worked with the contractor to remove the unnecessary data from the system."
“FEMA’s goal remains protecting and strengthening the integrity, effectiveness, and security of our disaster programs that help people before, during, and after disasters,” Litzow said.