FEMA mistakes put 2.3 million victims of hurricanes, wildfires at risk of ID theft, government watchdog says
Hurricane Harvey has been described as the storm that didn’t discriminate, inflicting an estimated $125 billion in damage to rich and poor alike. But community leaders say residents in the poorest neighborhoods have fared the worst. (Aug. 23)
WASHINGTON – FEMA improperly shared the personal data of some 2.3 million victims from four major 2017 disasters, a government watchdog report concluded.
The agency’s misstep has put the survivors of Hurricanes Harvey, Irma and Maria and the California wildfires “at increased risk of identity theft and fraud,” according to the report from John V. Kelly, acting Inspector General for the Homeland Security Department.
FEMA is a division of Homeland Security.
The breach occurred because proper safeguards were not taken for disaster victims who participated in FEMA’s program to provide transitional shelter to survivors left homeless, often placing them in hotels and other temporary lodging arrangements, the report said.
The 13 types of information compromised included full names, birth dates, partial social security numbers, addresses and financial information, including applicants’ bank transfer details.The data was provided to a private contractor managing the transitional shelter program.
The report, initially submitted to FEMA March 15, was publicly released Friday.
For those who survived the disasters, the disclosure wasn’t well received.
“Mistakes can be made, but the people in Sonoma County have been through so much and this just heaps another worry on them,” Sonoma Mayor Amy Harrington told USA TODAY. “The idea that these people have to worry about ID theft is just unfair.”
The disclosure came just as rebuilding from the 2017 conflagration that engulfed large swaths of the county and burned hundreds of homes, is well underway. But many families are still in temporary housing, making it an especially difficult time for the added trouble of an identity breach as they struggle to get their families back on their feet.
“The last thing you need when you’re trying to rebuild your home and your life is impact to your credit,” said Jeff Okrepkie, a fire victim in Santa Rosa, California. “To worry about this now feels completely unnecessary and is kind of scary, to be honest.”
In a March 8 letter to Kelly included in the audit, FEMA Associate Administrator Joel Doolin acknowledged the breach and said the agency “has taken aggressive action to mitigate the issues raised within this report.”
Doolin’s letter says the agency “acted immediately to stop the flow of excess data” of personally sensitive information as soon as it received the Inspector General’s draft report in November.
The contractor was not identified in the report because it was redacted.
Although not required to do so, the contractor could have alerted FEMA that they were receiving unnecessary personal information and the agency “may have been able to remedy this situation earlier and avoid additional privacy incidents,” the report said.
The four disasters in 2017 left tens of thousands across several states and U.S. territories homeless and caused billions in damage.
Hurricane Harvey caused massive flooding in Texas. Hurricane Irma walloped the Gulf Coast of Florida. Hurricane Maria devastated Puerto Rico and the U.S. Virgin Islands. The California wildfires – about 9,000 of them – scorched more than 1 million acres in the state.
Of the information that was disclosed, the bank data might have been the most damaging.
“Oh, that’s not good, that’s pretty much all you need to transfer funds into or out of a bank account,” said Okrepkie, who started a non-profit group called Coffey Strong to help his Coffey Park neighborhood victims stay connected in the rebuilding effort.
So far, 193 homes have been completed, with some 700 more expected to come online this summer. “This is really, really frustrating to hear.”
Okrepkie said that news of the FEMA data disclosure is sure to set back many of those still trying to rebuild.
“It’s disappointing and disheartening to say the least,” he said. “Enrolling in FEMA was an essential part of recovery in the aftermath of the fires. The fires hit, and you immediately heard: ‘Apply for FEMA help, apply for Red Cross help.’ Everyone did it. So to see this happen is frustrating because they’ve compromised information of people already in a financially precarious position due to recovery.”
Contributing: John Fritze, Marco della Cava and Chris Woodyard
Read or Share this story: https://www.usatoday.com/story/news/politics/2019/03/22/fema-mistakes-put-victims-hurricanes-wildfires-risk-id-theft/3251158002/