Newport News Police mourn officer’s death, provide more details of deadly incident

FEMA shared 2.3 million disaster survivors’ personal information with contractor

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Millions of hurricane and wildfire survivors are learning that they’re at “increased risk of identity theft and fraud” because the Federal Emergency Management Agency shared their banking and other private information.

The Department of Homeland Security inspector general said Friday that FEMA had unlawfully disclosed the private data of 2.3 million survivors with a federal contractor that was helping them find temporary housing.

The Department of Homeland Security inspector general said on March 22, 2019, that the Federal Emergency Management Agency unlawfully shared the private information of 2.3 million hurricane and wildfire survivors with a federal contractor that was helping them find temporary housing.

The 2.3 million people include survivors of Hurricanes Harvey, Irma and Maria and the 2017 California wildfires.

The data includes “20 unnecessary data fields” such as electronic funds transfer number, bank transit number, and address. The data was part of a stream of information the agency feeds to the housing contractor, whose name was redacted from the public version of the inspector general’s report.

Related: California’s largest utility provider could face murder charges for wildfires, AG says 

FEMA said it began filtering the data in December 2018 to prevent the information from being shared, but a more permanent fix may not be finalized until June 2020.

“Since discovery of this issue, FEMA has taken aggressive measures to correct this error. FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” said Lizzie Litzow, press secretary for FEMA, in a statement.

“To date, FEMA has found no indicators to suggest survivor data has been compromised,” Litzow said, although the inspector general’s office said the contractor keeps data security logs only for the past 30 days.

The statement also said FEMA was requiring additional privacy training for contractors and “worked with the contractor to remove the unnecessary data from the system.”

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.