FEMA Privacy Breach Exposes Millions of Disaster Victims to Potential Identity Theft
Our world is increasingly controlled by computers. And that means privacy is getting much more difficult to maintain.
This would be true even if every organization did a better job of securing its information. Hackers always seem to be one step ahead of them.
Unfortunately, many don’t do a good job of protecting clients’ privacy even when hackers are not targeting them. And that’s a recipe for disaster.
The latest organization to commit an epic fail in this area? The Federal Emergency Management Agency (FEMA). To make matters worse, the victims have already suffered hardship.
Addresses and Banking Info Shared
Recently, it was announced that FEMA committed a major privacy breach. The agency described it as an “incident,” but was soft-pedaling it.
They accidentally shared the addresses and banking information of nearly 2 million U.S. disaster survivors.
This recent discovery was reported by the Department of Homeland Security (DHS).
The victims were those who used FEMA’s Transitional Sheltering Assistance program. That was after Hurricanes Harvey, Irma and Maria. As well as following California wildfires.
Victims Now Threatened With Fraud
A DHS official said 1.8 million people had both their banking and addresses revealed to a contractor. Another 725,000 people had only their addresses exposed.
The DHS report said the privacy problem threatened disaster survivors with “identify theft and fraud.”
Representative Bennie Thompson is chairman of the House Homeland Security Committee. Here’s what he said about the situation.
“This is unacceptable. FEMA must demonstrate it will do better in the future. Safeguarding the information of Americans already suffering from a disaster should be of the utmost importance.”
FEMA’s Remedy Is Time Consuming
FEMA officials quickly announced they were working with the unnamed contractor.
That’s to make sure no additional private details are shared. And that the contractor will destroy everything it received.
FEMA officials promised to resolve these types of problems by the midpoint of 2020.
The U.S. Inspector General said that’s not soon enough. Here’s how a statement from the Office of the Inspector General read. “Given the sensitive nature of these findings, we urge FEMA to expedite this timeline.”
Contractor Failed to Speak Up
By necessity, FEMA must work with contractors following disasters. As one example, contractors provide temporary housing for survivors.
But by its own rules, they are only supposed to release certain information. Such as names, birthdates and the last four digits of Social Security numbers. That’s to verify eligibility for benefits.
In this case, FEMA mistakenly released more. Home addresses, bank names, and bank transfer and transit numbers of victims were exposed.
According to the report, the contractor learned of the data breach after it occurred. But the contractor did not inform FEMA.
A timely communication from the contractor to FEMA might have made a difference. It could have helped the agency “remedy this situation earlier and avoid additional privacy incidents.”
FEMA Reeling From Mishaps
FEMA has seen considerable criticism through the years. The agency has been without a leader since administrator Brock Long left in early March.
Long had been investigated for the misuse of government cars. But FEMA’s problems run much deeper than that.
The agency was criticized for its responses to the 2017 hurricane season. Agency officials admitted they underestimated the situation. Especially the challenges of dealing with the aftermath of Harvey, Irma and Maria.
Nearly 3,000 people in Puerto Rico died after Irma and Maria wreaked havoc there. Supplies were slow in arriving and power was out for months in many areas.
5 Ways to Try to Avoid ID Theft
And now the privacy breach has exposed millions to ID theft and fraud. What if you were one of those people?
Here are five steps you can take to decrease the odds that you will be a victim of identity theft:
- Use strong security software.
- Don’t open suspicious looking emails. And don’t click on links if you do open one.
- Check your credit card and banking statements regularly. Some people choose to do this online every day.
- Create strong passwords. Long passwords with multiple usages of letters, numbers and symbols are the strongest.
- Use different passwords for your accounts. If a hacker learns your password for one account, he will try it for your other accounts.
No matter how careful you are, you could become a victim. Now, having your data compromised does not mean that your identity will be stolen, but it is a reason to be extra vigilant. The sooner you detect a problem, the sooner you can fix it. Take caution, and be alert.