FEMA Defends Actions Following Data Release Affecting 2.3 Million Disaster Victims

[InfoSec News <alerts () infosecnews org>]

https://www.nextgov.com/cybersecurity/2019/03/fema-defends-actions-following-data-release-affecting-23-million-disaster-victims/155821/

By Charles S. Clark
Senior Correspondent
NextGov.com
March 26, 2019

The Federal Emergency Management Agency on Friday said it had taken 
"aggressive" corrective measures after mistakenly releasing detailed personal 
data of some 2.3 million disaster victims to a contractor.

A "management alert" dated March 15 from the Homeland Security Department’s 
acting Inspector General John Kelly hit news outlets on Friday showing that 
FEMA in 2017 "did not ensure it shared with the contractor only the data 
elements the contractor requires to perform its official duties administering" 
the program that helps people displaced by disasters find shelter in hotels.

Among the data released inappropriately, the IG found, were applicants' 
addresses, financial institution names, electronic funds transfer numbers and 
bank transit numbers.

The data release violated the 1974 Privacy Act and FEMA's own internal 
guidelines, putting at risk victims of hurricanes Harvey, Irma, and Maria and 
the California wildfires who applied for federal aid, the alert noted.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_