Wildfires and natural disasters take emotional toll on victims
FEMA mishandled the personal information of 2.3 million people driven out of their homes by wildfires in 2017 and hurricanes, an Inspector General report released Friday found.
The breach affected disaster victims who were staying in hotels provided by the federal government. The information could include financial information, names, addresses, birth dates and more. Hurricane victims of Harvey, Irma and Maria were affected.
Disaster victims are required to provide FEMA with personal information when they apply for disaster assistance. Federal law requires federal agencies to only give contractors the information that is legally authorized and necessary.
But FEMA provided a contractor administering the hotel program with enough personal information of victims that it puts them at “increased risk of identity theft and fraud,” according to the report. The contractor’s name is redacted in the report.
FEMA said in a statement Friday that it has corrected the issue.
“FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” reads the statement, which is not attributed to any official. “To date, FEMA has found no indicators to suggest survivor data has been compromised.”
But unnamed FEMA officials told the Inspector General’s office that fully fixing the issue would take longer, according to the report.
“FEMA headquarters officials told us it may be feasible to change the data transfer script to remove the unnecessary (personal information), but such change would need to be coordinated with the Individual Assistance and Mass Care program offices, which may be time consuming,” the report says.