Skip to main content

FEMA Data Breach Hits 2.3 Million Disaster Survivors: What to Do

The Federal Emergency Management Agency (FEMA) failed to safeguard sensitive personal information of 2.3 million disaster survivors who had to seek temporary housing after Hurricanes Harvey, Irma and Maria in 2017, and a series of California wildfires that same year, said a report released yesterday (March 22) by the Department of Homeland Security’s inspector general.

Hurricane survivors wade through water. Credit: Joe Raedle/Getty Images

(Image credit: Hurricane survivors wade through water. Credit: Joe Raedle/Getty Images)

Street addresses and banking information pertaining to the affected individuals was shared with an unnamed private contractor that was helping house disaster survivors in hotels and other accommodations, the report said, violating FEMA rules. It was not clear if bank-account numbers were part of the information, but a form of electronic funds transfer number was, along with bank routing numbers. However, neither credit card numbers nor Social Security numbers were involved.

An unnamed source told The Washington Post that of the affected individuals, only 1.8 million had both their street addresses and banking information shared with the contractor. About 725,00 had only their street addresses exposed. There is no evidence that the contractor or the contractor’s employees have misused any of the information.

If you were temporarily housed by FEMA in a hotel or other commercial residence as a result of Hurricanes Harvey, Irma, Maria or the California wildfires in 2017, it might be possible for someone who gained access to the banking data to electronically access funds in your bank account. Alert your bank to the issue and ask for a PIN to authorize electronic funds transfers, if the bank offers one.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. That's all he's going to tell you unless you meet him in person.