Breach, Data Security

FEMA offers free credit monitoring after mishandling disaster survivors’ data

The Federal Emergency Management Agency (FEMA) last week publicly acknowledged that for roughly 10 years it unnecessarily exposed the personally identifiable information of roughly 2.5 million disaster survivors to a third-party contractor.

FEMA does not believe citizens' data was compromised due to the error, which was originally reported last month by the U.S. Department of Homeland Security Office of the Inspector General. Still, as a precautionary measure, the federal agency will offer 18 months of free credit monitoring services to those affected by the breach.

The third-party vendor in question runs FEMA's Transitional Sheltering Assistance program, which provides lodging for individuals who cannot return home following a disaster. In an online notification and corresponding letter to affected individuals, FEMA said that the approximately 2.5 million affected citizens had applied for federal disaster assistance between 2008 and late 2018 and were eligible to receive emergency lodging via the TSA program.

FEMA further explained that it originally started sharing survivors' banking and home address information with the TSA contractor so that the third party could reimburse disaster victims for their incurred lodging costs. However, as of 2008, the reimbursement program ended, and since then the lodging providers have instead been paid directly through the program. Nevertheless, FEMA continued to share the same information with the contractor, even though it was no longer needed.

Of the individuals affected, about 1.8 million had their banking information shared.

FEMA said it has addressed the breach by permanently deleting the unnecessarily shared information from the contractor's system, revising its data sharing process and conducting a security assessment of the contractor computer system.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.