FEMA Exposed Over 2 Million Disaster Survivors’ Personally Identifiable Information

Fire Survivors

This weekend, the Department of Homeland Security (DHS) inspector general issued a report stating that the Federal Emergency Management Agency (FEMA) exposed home addresses and banking account information of 2.3 million disaster survivors, placing them at risk for identity theft and fraud.

FEMA transmitted disaster relief applicants’ bank and electronic funds transfer numbers to an outside contractor handling transitional housing for those affected by Hurricanes Harvey, Irma, Maria and the 2017 California Wildfires.

A DHS official said, “We don’t have any information that [the personal data] has been compromised in a detrimental fashion,” and stated that FEMA will not be contacting any affected individuals and is working with the contractor to have the data removed.

Scammers often take advantage of crisis situations with fraudulent communications to survivors or by submitting fraudulent applications for disaster relief.

What Consumers Can Do

While the ubiquity of breaches has led some consumers to the state of apathy, it’s more important than ever to be vigilant. We encourage consumers to consider taking the following data breach safety measures to help reduce their risk:

  • If you participated in FEMA programs in the last two years – specifically Hurricanes Harvey, Irma, Maria or the California wildfires – contact your bank and let them know you might have been affected.
  • Review all bank statements to ensure that there are no suspicious charges to or from your account.
  • Monitor your credit report for any new accounts opened in your name.
  • If your bank utilizes electronic funds transfers, ask for a new personal identification number (PIN).

If individuals do not already have identity protection, we strongly urge everyone to sign up for a service that includes identity monitoring and resolution services. However, everyone should be wary that not all monitoring services will protect them equally. We encourage individuals who are evaluating identity protection services, and businesses who are evaluating such third-party services to offer, to compare the monitoring capabilities and the quality of the customer service.

Comprehensive monitoring services should include internet surveillance, compromised credential monitoring, and credit monitoring. The monitoring should also include alerts so that if a customer’s information is detected on the dark web, they can quickly assess and work with resolution experts to minimize any impact.

Some recommended information to monitor includes:

  • Login credentials for various sites
  • Social Security number
  • Email addresses
  • Date of birth
  • Debit/credit card numbers
  • Bank account numbers
  • Insurance card/policy number
  • Drivers’ license number
  • Loyalty card numbers
  • Affinity card numbers
  • Passport number

To learn more about protecting your customers’ and employees’ data with Generali Global Assistance identity and digital protection, request a demo.