FEMA Accused of Wrongly Releasing Data of California Wildfire Victims

The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported.

The Homeland Security Department’s Office of Inspector General found the breach occurred when FEMA was working with a contractor that helps provide temporary housing to those affected by disasters. FEMA is one of Homeland Security’s many agencies; the sprawling 240,000-person department also includes immigration enforcement, and the U.S. Secret Service.

FEMA officials said that since the discovery of the issue, the agency was no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system and has found no indication to suggest data has been compromised.

The agency said in a statement it is working with the contractor to remove the data from its system and has instructed staff to complete additional privacy training.

Some information, like names, last four digits of a Social Security number and how many people live in a household are required to confirm eligibility and locate housing for victims. But FEMA also provided the contractor with bank names electronic funds transfer numbers and bank transit numbers that were not required by the contractor.

The 2.3 million people lived through California wildfires and Hurricanes Harvey, Irma and Maria.

The watchdog said that FEMA violated both federal privacy laws and also Homeland Security policy by giving the extra data to the contractor, whose name was redacted in the report made public.

The contractor also knew that FEMA was providing too much personal data but didn’t inform the disaster relief agency.