U.S.

FEMA Released Personal, Banking Information of 2.3 Million Hurricane and Wildfire Survivors

Millions of people who depended on the Federal Emergency Management Agency (FEMA) after 2017 natural disasters have learned their personal information was leaked to federal contractors. This includes personal and banking information, per a report released by the Inspector General’s office in the Department of Homeland Security.

The report dated March 15 of this year includes 2.3 million survivors of 2017 major hurricanes Harvey, Irma and Maria, and survivors of the scorching California wildfires from that year.

The IG, during its audit, found that information from survivors was passed along during transitions into temporary housing—hotels, FEMA trailers and other temporary housing—and that FEMA violated the Privacy Act of 1974, according to the DHS report.

When applying for disaster, residents must provide personal information (PSII), which is typically their name, address and birth date. They must also provide sensitive personal information (SPII), which includes financial and bank information. FEMA then determines which SPII information should be used when determining assistance for survivors. This includes the bank name, transit number and account number, per the IG report.

Among the “20 unnecessary data” points at risk for the 2.3 million people are the last four digits of their social security number, full name, disaster number, and bank information. Other information includes: disaster number, authorization for TSA, number of occupants in applicants household, eligibility start date, eligibility end date, global name, export sequence number and FEMA registration number.

The data obtained was just a portion of what FEMA sent to housing contractors, the report stated.

FEMA press secretary Lizzie Litzow issued a statement that claims the agency is working to both correct this error, and make sure it doesn’t happen again.

"Since discovery of this issue, FEMA has taken aggressive measures to correct this error. FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor's information system," Litzow stated in this CNN report. "To date, FEMA has found no indicators to suggest survivor data has been compromised.”

Litzow said FEMA is working with contractors to make sure private information was eliminated from those systems, which typically stays for 30 days, she said.

The 2017 hurricane season was one of the most destructive years in the past quarter century. Harvey obliterated the Texas coastal bend of Rockport and Port Aransas Pass, and then moved up the coast and flooded Houston, with some areas getting more than 52 inches of rain in a little more than two days. The storm moved east and flooded the Texas Golden Triangle region of Beaumont-Orange-Port Arthur, and then moved through Louisiana and northeastward to the Atlantic.

Hurricane Irma, which hit Southwest Florida, was a Category 5 storm before weakening and making landfall as a Cat 3 storm in Southwest Florida. Hurricane Maria devastated Puerto Rico, which is still recovering more than 18 months after the storm.

The 2017 California wildfires were the most destructive in the state’s history at the time, scorching nearly 1,4 million acres of land from more than 9,100 fires.

Editor's Pick