FEMA mishandled the personal information of 2.3 million people driven out of their homes by wildfires in 2017 and hurricanes, anInspector General reportreleased Friday found.
During our ongoing audit of the Federal Emergency Management Agency’s (FEMA) Transitional Sheltering Assistance (TSA) program, we determined that FEMA violated the Privacy Act of 19741 and Department of Homeland Security policy by releasing to [contractor] the PII and SPII of 2.3 million survivors of hurricanes Harvey, Irma, and Maria and the California wildfires in 2017.
The breach occurred because proper safeguards were not taken for disaster victims who participated in FEMA’s program to provide transitional shelter to survivors left homeless, often placing them in hotels and other temporary lodging arrangements, the report said.The type of information compromised included full names, birth dates, partial social security numbers, addresses and financial information.
Disaster victims are required to provide FEMA with personal information when they apply for disaster assistance.Federal law requires federal agencies to only give contractors the information that is legally authorized and necessary. FEMA said in a statement Friday that it has corrected the issue.
“FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” reads the statement, which is not attributed to any official. “To date, FEMA has found no indicators to suggest survivor data has been compromised.”