FEMA shared 2.3 million disaster survivors’ personal information with contractor

Evacuees seeking financial help consult with FEMA agents at the Convention Center which is serving as an evacuation shelter after Hurricane Harvey caused heavy flooding in Houston, Texas on August 30, 2017. Monster storm Harvey made landfall again Wednesday in Louisiana, evoking painful memories of Hurricane Katrina's deadly strike 12 years ago, as time was running out in Texas to find survivors in the raging floodwaters. (Photo credit MARK RALSTON/AFP/Getty Images)

Millions of hurricane and wildfire survivors are learning that they’re at “increased risk of identity theft and fraud” because the Federal Emergency Management Agency shared their banking and other private information.

The Department of Homeland Security inspector general said Friday that FEMA had unlawfully disclosed the private data of 2.3 million survivors to a federal contractor that was helping them find temporary housing.

The 2.3 million people include survivors of Hurricanes Harvey, Irma, and Maria, and the 2017 California wildfires.

The data includes “20 unnecessary data fields” such as electronic funds transfer number, bank transit number, and address. The data was part of a stream of information the agency feeds to the housing contractor, whose name was redacted from the public version of the inspector general’s report.

FEMA said it began filtering the data in December 2018 to prevent the information from being shared, but a more permanent fix may not be finalized until June 2020.

“Since discovery of this issue, FEMA has taken aggressive measures to correct this error. FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” said Lizzie Litzow, press secretary for FEMA, in a statement.

“To date, FEMA has found no indicators to suggest survivor data has been compromised,” Litzow said, although the inspector general’s office said the contractor keeps data security logs only for the past 30 days.

The statement also said FEMA was requiring additional privacy training for contractors and “worked with the contractor to remove the unnecessary data from the system.”

By Gregory Wallace, CNN