The Federal Emergency Management Agency wrongly released the personal information of 2.3 million survivors of hurricanes and wildfires in 2017 to a contractor, which could expose the victims to identity fraud and theft, a government watchdog said Friday.
The 2.3 million people exposed by the privacy screw-up are said to be survivors of the California wildfires, and Hurricanes Harvey, Irma, and Maria, all in 2017. "Without corrective action, the disaster survivors involved in the primacy incident are at increased risk of identity theft and fraud", the report read. Federal law requires federal agencies to only give contractors the information that is legally authorized and necessary.
The name of the contractor who received this data was redacted in the OIG report.
The memo, which was dated March 15 but surfaced Friday, found that 20 data fields were unnecessarily shared with the contractor, including details about the victims' financial institutions, electronic funds transfer numbers and bank transit numbers.
In the OIG's report, FEMA said that once it became aware of the problem, the agency installed a data filter on in December to prevent unnecessary survivors' personal data from leaving its system.
Deepika Padukone's FIRST LOOK in 'Chhapaak' revealed
If we scan through Laxmi's pictures, we realise that it's the jawline that was the most affected by the cruel acid attack. Deepika posted the first look on her Instagram and said that the character, named Malti will stay with her forever.
FEMA reported it has complied with the OIG's recommendations to "safeguard both Personally Identifiable Information and Sensitive Personally Identifiable Information of disaster survivors". FEMA is one of Homeland Security's many agencies; the sprawling 240,000-person department also includes immigration enforcement, and the U.S. Secret Service.
FEMA awarded contracts to 1,660 different entities in the last fiscal year, according to federal contracting data, covering everything from food to construction equipment.
In a canned statement sent out to inquiring press, FEMA said it corrected the mistake.
The compromised information included data belonging to victims of the 2017 California wildfires in wine country and Ventura and Santa Barbara counties.
The agency noted that it's working with the contractor to scrub the data and mandated staff to complete additional privacy training.