The Department of Homeland Security’s inspector general revealed in a report on Friday that the US Federal Emergency Management Agency (FEMA) violated the privacy law by exposing personal data of more than 2 million disaster survivors.
The shared data included the bank and electronic fund transfer numbers of the survivors.
The inspector general elaborated on the threats to these survivors of the leak. The report published on Friday said it makes survivors of natural disasters such as hurricanes Harvey, Maria and Irma vulnerable to fraud schemes and identity theft.
According to reports, FEMA provided this information for disaster relief program to a contractor who runs to assist survivors to get temporary shelter at hotels. The name of the contractor, however, was removed from the report before its release.
The current audit of FEMA’s Transitional Sheltering Assistance program revealed that it had violated the Privacy Act of 1974 and Department of Homeland Security Policy, said the inspector general.
There may be penalties imposed for these violations, the details of which aren’t clear yet.
Lizzie Litzow, FEMA’s Press Secretary, accepted in a statement that the more than necessary data was shared with the contractor. Besides that, the Press Secretary assured that “aggressive measures” would be taken to rectify the mistake that has been committed.
In addition to that, there were no signs that the personal data of survivors was compromised, Litzow said.
The concerns regarding these leaks are extremely high because cybercriminals often use this data to scam individuals, particularly those who are looking for disaster relief and are in trouble already.