Survivors may still be picking up the pieces after the natural disasters that have swept across the country over the past couple of years, and now they have a new issue to contend with: the possibility of identity theft thanks to what the Federal Emergency Management Agency is calling a "major privacy incident." BuzzFeed reports on findings by the Department of Homeland Security's Office of Inspector General, released Friday, that indicate personal data on 2.3 million disaster survivors, including banking details, was shared by FEMA with a housing contractor. FEMA is now doing damage control, saying it used "aggressive measures" to remedy the problem once it was discovered. A DHS official tells the Washington Post it may have been up to 2.5 million people affected.
"FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor's information system," a statement from the agency reads, adding that "to date, FEMA has found no indicators to suggest survivor data has been compromised." The data sharing affected people who used FEMA's Transitional Sheltering Assistance program, including those hit by the 2017 California wildfires and hurricanes Irma, Harvey, and Maria that same year. FEMA had to give the unnamed contractor certain info on applicants so it could determine who was eligible for the program, but the agency apparently overreached by providing extra, unnecessary info. By sharing individuals' data with the contractor, FEMA breached both a federal privacy mandate and DHS policy, the IG report notes. (Read more FEMA stories.)