By Christine Weicher
(CBS News) — The Federal Emergency Management Agency, charged with providing support to victims of disasters, unwittingly released private personal information of 2.3 people affected by the 2017 California wildfires and hurricanes Harvey in Texas, Irma in Florida and Maria in Puerto Rico. The agency has acknowledged it is a “major privacy incident”
An investigation by the Office of Inspector General (OIG) and stamped “for official use only” criticized, saying “FEMA did not take steps to ensure it only provided only required data” to transitional shelters, including hotels. “Without corrective action, the disaster survivors involved in the primacy incident are at increased risk of identity theft and fraud,” the report read.
An unnamed private contractor was charged with administering the Transitional Shelter Assistance (TSA) program and had access to social security numbers, bank accounts and bank transfer numbers. Part of the OIG’s report is redacted.
“FEMA provided much more information than was necessary,” FEMA Press Secretary Lizzie Litzow is quoted as saying.
FEMA reported it has complied with the OIG’s recommendations to “safeguard both Personally Identifiable Information and Sensitive Personally Identifiable Information of disaster survivors.