In a dramatic Friday evening news dump, a government watchdog report revealed that the Federal Emergency Management Agency (FEMA), tasked with safeguarding the personal information of disaster survivors, may have left the data of millions of individuals exposed to possible identity theft and fraud.
The news comes at a time when FEMA is facing a shortage in staff and operating without an administrator — all while disasters like hurricanes and wildfires exacerbated by climate change become more common and more severe.
In a report dated March 15, the Department of Homeland Security’s Office of Inspector General (DHS OIG) found that FEMA failed to properly secure the personal addresses and banking information of more than 2 million disaster survivors, part of what FEMA called a “major privacy incident.”
The report states that FEMA violated DHS policy by accidentally releasing too much information when transferring data to a contractor, who is so far unnamed. Among the more than 2 million people impacted are survivors of Hurricanes Irma, Harvey, and Maria, along with those recovering from the California wildfires.
The information left unguarded by FEMA includes the full names and the final four digits of Social Security numbers, in addition to bank account information and addresses. Birthdays and the number of occupants per household were also included. Some of that information was reportedly required in an earlier version of the Transitional Sheltering Assistance program, although it is not required by a newer version. FEMA nevertheless sent the information to the contractor anyway, thereby exposing those seeking disaster aid to potential exploitation.
“Without corrective action, the disaster survivors involved in the privacy incident are at increased risk of identity theft and fraud,” the report notes.
While the report states that 2.3 million people are impacted by the breach, in a separate statement a DHS official said the agency believes the incident “has impacted approximately 2.5 million disaster survivors.”
Spokespersons for FEMA asserted that there is no reason to believe that the data has been compromised and that the information has been removed from the contractor’s systems. However, according to the internal review, the contractor only maintains records from the prior 30 days — making it hard to ascertain whether the data may have been compromised before that point.
The disaster agency moreover told OIG that the problem won’t be fully resolved until June 30.
That incident comes in the midst of larger issues for FEMA, as hurricanes, wildfires, and other disasters grow more devastating, all while the agency struggles with leadership and staffing.
Brock Long, the agency’s former administrator, resigned in February after leading FEMA through more than 220 declared disasters in two years alone. His tenure was peppered with controversy, some of which was personal. In September 2018, the OIG found that Long had improperly used government vehicles and funds to travel home to North Carolina. Jeffrey Byard has been nominated to replace Long.
Other issues have also plagued FEMA. No one disaster can be connected to climate change, but experts have repeatedly noted a correlation between global warming and the uptick in more severe wildfires and hurricanes. Beyond these challenges, FEMA has also had to contend with their own unforced errors: when Hurricane Maria devastated Puerto Rico in 2017, the agency’s fumbling response sparked outcry on the island. The storm ultimately led to the longest blackout in U.S. history along with an estimated 2,975 deaths.
According to a Government Accountability Office (GAO) report released in September 2018, FEMA was unprepared for the onslaught of disasters that struck in 2017, with Hurricanes Harvey and Irma both occurring around the same time as Maria. At the time, the agency was severely understaffed by around 30 percent. Moreover, the agency’s own internal tracking found that some 54 percent of deployed FEMA employees were not qualified for the jobs they were sent to do.
And FEMA has also been at the mercy of President Donald Trump, who has repeatedly downplayed the link between climate change and disasters. In January, Trump threatened to end FEMA aid to wildfire-ravaged California after West Coast governors wrote to the president requesting that he double federal financial investment in regional wildfire management. At the time, FEMA’s staffing and website were both severely curtailed due to the partial government shutdown.
The agency is likely to remain in the spotlight, with historic flooding currently threatening large swathes of the Midwest, including the states of Nebraska and Missouri. But fewer and fewer areas trust the agency tasked with protecting them from disasters and emergencies. According to a report published this week, many cities and states have lost confidence in FEMA’s flood maps and are increasingly generating their own alternatives in order to account for climate change.