March 26, 2019 - A massive data breach at the Federal Emergency Management Agency has exposed the personal information of roughly 2.5 million recent disaster survivors. And nearly 1.8 million of those people are also at heightened risk of identity theft and bank fraud as a result FEMA's inept handling of personally identifiable information (PII). If nothing else, this breach proves that the federal government is still completely incapable when it comes to data protection.
The breach occurred when FEMA hired an outside contractor to handle portions of the agencies Transitional Sheltering Assistance program. Once hired, FEMA shared victim data with the contractor but failed to place any filters on the types of data that were shared. This resulted in name and address information on 2.5 million people being shared. And for 1.8 million of these people, their banking information was also shared.
The unlucky citizens who had their information breached by FEMA were survivors of hurricanes Harvey, Irma and Maria, and of last year's California wildfires.
FEMA has gone into damage control mode over the breach. They are claiming that the breach was a result of "oversharing" of data and that they are now employing "aggressive measures" to correct the problem and make sure it doesn't happen again. They are also requiring the outside contractor's staff working on this project to go through additional privacy training from the Department of Homeland Security. All of this would be laughable if it wasn't for the fact that there is real potential for these victims to suffer significant financial harm as a result of FEMA's blunder.
The facts are that the so called "oversharing" never would have taken place if FEMA had proper data security policies in place before the breach. And if their "aggressive action" is to force third party personnel to go through privacy training, they are falling far short of any effective policy changes. It wasn't a third party contractor that caused this breach. It was FEMA. If anyone needs to go through privacy training, it would seem that FEMA employees would be a much better target.
No one should really be surprised by any of this given the federal governments atrocious record with data protection. This is just the latest in a long line of data breaches; some of which have released much more sensitive information that this one. It really isn't any wonder that agencies like the Department of Defense and the Department of Energy are getting hacked by the Chinese government. If they can't protect information related to national security, why would anyone think they can protect our personal information?
Anyone who believes they may have been impacted by this breach needs to notify their bank and watch their credit report. As a safety precaution, it would be a good idea to close old bank accounts and open new ones. At this time it is unknown whether or not the breached data has led to any instances of fraud. If you believe your information may have been breached here, it is much better to error on the side of caution than to find out later that you bank account has been emptied out by crooks.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|