The Federal Emergency Management Agency shared personal addresses and banking details of more than 2 million US survivors who, according to the agency, were "a serious data breach" on Friday.
The recently discovered data shortage and a report by the Office of the Inspector General of the US Department of Homeland Security when the agency shared sensitive, personally identifiable information about disaster survivors who used FEMA's transitional support program, FEMA officials said. The victims included the victims of California forest fires in 2017 and the Hurricanes Harvey, Irma and Maria.
In a statement, Lizzie Litzow, a press secretary at FEMA, said there was more information than needed from survivors to a contractor during the transfer of the disaster.
"We believe this overwork has affected approximately 2.5 million survivors of disasters," said a Department of Homeland Security official requesting anonymization to provide background information outside the official FEMA statement.
He said 1.8 million people had both their bank details and their addresses disclosed, and about 725,000 people only reported their addresses.
It is unclear whether surpassing has led to identity theft or other malicious acts.
I have no information that it was compromised in a harmful way, "the DHS official said.
The Inspector General's report said the Priva Cy mishap threatened survivors with" identity theft and fraud. " In March, it was estimated that 2.3 million people were affected, slightly less than the estimate of the DHS official on Friday.
The Inspector General's report to FEMA There had to be checks installed to make sure that data did not continue be shared with the contractors and that the agency must assess how extensive the problem was and ensure that the data is destroyed in the contractor's system.
In Inspector General As the FEMA reports, the agency has one in December Data filters are installed to prevent unnecessary personal data from survivors leaving their system, FEMA says e also in the report that since the launch of its new procedures, it has twice deployed internal security experts to verify its network on the ground.
Litzow said FEMA had "taken aggressive action to correct this error". FEMA will not provide the contractor with any unnecessary data and has carried out a detailed review of the contractor's information system.
FEMA refused to identify the contractor.
Litzow said FEMA had worked with the contractor to remove the excess data from his system. According to Litzow, FEMA assigned an additional measure to complete additional DHS privacy training.
"This is unacceptable, and FEMA needs to show that things are going better in the future," said MP Bennie Thompson (D-Miss). ), the chairman of the Homeland Security Committee of the House. "Protecting the information of Americans who are already suffering from a disaster should be of the utmost importance."