A government oversight agency found the Federal Emergency Management Agency put 2.3 million survivors of natural disasters at risk for identity theft by releasing more personal information than necessary to a contractor providing temporary housing.
The survivors were victims of hurricanes Harvey, Irma, and Maria and the 2017 California wildfires, according to the Homeland Security Department’s Office of Inspector General.
While FEMA is required to provide some personal information—including names, birthdays, and the last four digits of one’s social security number—the agency gave more information than what’s required under the updated program. Unnecessary information shared includes individuals’ addresses and bank information like electronic funds transfer numbers and bank transit numbers.
The Office of Inspector General found that FEMA did not take steps to ensure it was only providing the necessary information, and the contractor did not tell FEMA the agency was providing more than needed.
According to an Inspector General management alert, FEMA has agreed to update how it delivers such personal information by 2020. The agency is also taking steps to remove the excess personal information from the contractor’s records and ensure the contractor meets security standards.