FEMA put 2.3M disaster survivors at risk of identity theft, watchdog says

Image: People Queue to File FEMA Forms
People wait at the Jose de Diego Elementary School to file FEMA forms for federal aid in the aftermath of Hurricane Maria on Oct. 2, 2017 in Las Piedras, Puerto Rico. Copyright Carlos Giusti AP file
By Doha Madani with NBC News U.S. News
Share this articleComments
Share this articleClose Button

Survivors of the 2017 California wildfires, hurricanes Harvey, Irma and Maria were among the millions whose privacy was violated, the inspector general's report says.


The Federal Emergency Management Agency failed to safeguard personally identifying information of US disaster survivors, putting millions of Americans at risk of fraud or identity theft, the Department of Homeland Security inspector general finds in a new report.

The problem occurred when FEMA unnecessarily released to a private contractor personal information of people applying for transitional housing in 2017. The breach violated the Privacy Act of 1974, the report said.

The office estimates that the 2.3 million people put at risk include survivors of the 2017 California wildfires as well as hurricanes Harvey, Irma and Maria.

FEMA, the agency which provides relief to U.S. citizens following major disasters, provided its contractor with "more than 20 unnecessary data fields for survivors participating in the sheltering program," the March 15 report states.

Jonathan Ernst
President Donald Trump, with first lady Melania Trump, tour areas damaged by Hurricane Maria in Guaynabo, Puerto Rico, on Oct. 3, 2017.Jonathan Ernst

Some of the unnecessary data provided to the contractor included sensitive personal information such as electronic funds transfer numbers and bank transit numbers.

"Without corrective action, the disaster survivors involved in the privacy incident are at increased risk of identity theft and fraud," the report said.

The name of the contracted company was not identified in the report.

Lizzie Litzow, FEMA's press secretary, said in a statement to NBC News on Friday that the agency "worked with the contractor to remove the unnecessary data from the system."

"FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor's information system," Litzow said. "To date, FEMA has found no indicators to suggest survivor data has been compromised."

The agency also said it has instructed contractors to complete additional DHS privacy training.

Share this articleComments

You might also like

Trump wins South Carolina, easily beating Haley in her home state and closing in on GOP nomination

Washington: Russian nuclear anti-satellite system is 'troubling'

US Senate passes Ukraine aid, but House Speaker refuses to hold vote