WASHINGTON (NEXSTAR) — The Federal Emergency Management Agency is apologizing after it unnecessarily shared the private information of 2.5 million natural disaster survivors.
FEMA says it unintentionally shared home addresses and banking information with a third-party contractor. An internal federal investigation highlighted the problem in March, finding people who used a temporary shelter relief program were at risk of fraud or identity theft.
“FEMA acted quickly to ensure that overshared information was quarantined, protected, and permanently removed from the contractor’s system,” the agency said in a statement.
But it can’t be sure if anyone’s data has already been compromised.
“You never know who they’re dealing with and whether they’re all going to protect that data, so it’s worrisome for consumers,” John Breyault of the National Consumers League, a Washington-based advocacy organization, said of the breach. “Federal government agencies aren’t taking the security of the data they’re collecting about you and me as seriously as they should.”
He said the mishap should serve as a lesson to FEMA and other agencies.
“There’s a lot of terrible outcomes that could have happened,” he said. “We think Congress should be putting pressure on these agencies to take cybersecurity seriously.”
FEMA has issued an apology and sent letters to those impacted offering free credit monitoring services for 18 months.