https://www.nextgov.com/cybersecurity/2019/03/fema-defends-actions-following-data-release-affecting-23-million-disaster-victims/155821/
By Charles S. Clark
Senior Correspondent
NextGov.com
March 26, 2019
The Federal Emergency Management Agency on Friday said it had taken
"aggressive" corrective measures after mistakenly releasing detailed personal
data of some 2.3 million disaster victims to a contractor.
A "management alert" dated March 15 from the Homeland Security Department’s
acting Inspector General John Kelly hit news outlets on Friday showing that
FEMA in 2017 "did not ensure it shared with the contractor only the data
elements the contractor requires to perform its official duties administering"
the program that helps people displaced by disasters find shelter in hotels.
Among the data released inappropriately, the IG found, were applicants'
addresses, financial institution names, electronic funds transfer numbers and
bank transit numbers.
The data release violated the 1974 Privacy Act and FEMA's own internal
guidelines, putting at risk victims of hurricanes Harvey, Irma, and Maria and
the California wildfires who applied for federal aid, the alert noted.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
