Slashdot Mirror

← Back to Stories (view on slashdot.org)

FEMA Data Breach Hits 2.5 Million Disaster Survivors (cnn.com)

Posted by BeauHD on from the what-a-disaster dept.

The Federal Emergency Management Agency (FEMA) unlawfully shared the private information of 2.3 million hurricane and wildfire survivors with a federal contractor that was helping them find temporary housing, an inspector general from the Department of Homeland Security said Friday. The data includes "20 unnecessary data fields" such as "electronic funds transfer number," "bank transit number" and addresses. CNN reports: FEMA said it began filtering the data in December 2018 to prevent this information from being shared, but a more permanent fix may not be finalized until June 2020. "Since discovery of this issue, FEMA has taken aggressive measures to correct this error. FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor's information system," said Lizzie Litzow, press secretary for FEMA, in a statement.

"To date, FEMA has found no indicators to suggest survivor data has been compromised. FEMA has also worked with the contractor to remove the unnecessary data from the system and updated its contract to ensure compliance with Department of Homeland Security (DHS) cybersecurity and information-sharing standards. As an added measure, FEMA instructed contracted staff to complete additional DHS privacy training."

16 comments

  1. Why dn't we get more assistnce for identity theft? by Anonymous Coward · · Score: 0

    Between Equifax leak and all the other well-known bullshit. Why in this time and age don't we get more protection and leeway for identity theft?

    At least half a dozen of my family members are dealing with fallout from this. They can't open bank accounts or get loans because some scammer has illegally used their information. So far we're in months, maybe years to clean this up, if ever. What the actual fuck is going on here and why hasn't the government with all its funds we send it, done anything about the situation. Too much profit?

  2. Re: Why dn't we get more assistnce for identity th by Anonymous Coward · · Score: 0

    Thank you for your submission. Your concern event had been recorded and will be considered in future acknowledgements. Thank you for your participation in this matter.

  3. Nobody cares by Anonymous Coward · · Score: 0

    about stealing credentials for those poor people. Yeah I'm going to get a negative bank account and an SSN with bad credit associated.

    1. Re: Nobody cares by Anonymous Coward · · Score: 0

      .. about Appendix C of the FEMA report on WTC7, which wasn't hit by a plane and had no jet fuel in it. Everyday ordinary office fires can apparently make steel beams look like swiss cheeze. Shouldn't Mueller investigate that or something?

  4. And you want government managing healthcare? by Anonymous Coward · · Score: 0

    How many screwups WITH ZERO ACCOUNTABILITY will it take for people to understand that the US government sucks at everything. And the bigger it gets, the worse it does.

    1. Re:And you want government managing healthcare? by Hognoxious · · Score: 1

      Well said. Corporations, subject to the discipline of the free market, would never ever pfahhahahahahahahaha.

      Sorry, I can't do this.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    2. Re:And you want government managing healthcare? by ArchieBunker · · Score: 2

      Agreed. The USA does need universal health care but I have no faith in their ability to manage it. Look at how poorly the VA system is run. That is what you'd get.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    3. Re:And you want government managing healthcare? by Anonymous Coward · · Score: 0

      Or better yet, Gov funded insurance with nothing to limit costs.

    4. Re:And you want government managing healthcare? by Hognoxious · · Score: 2

      And yet every country with an economy that's advanced beyond the mud stage seems to be able to do it. Not perfectly, for sure, but generally OK.

      Are they just smarter, or do you have another explanation?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    5. Re: And you want government managing healthcare? by Anonymous Coward · · Score: 0

      We love to complicate things with many rules and exceptions. We love making the user read through all the rules to figure out how to complete the form. We love to impose tight deadlines on the users to submit paperwork and take forever to process it, and then not give the user the courtesy notification but expect them to follow up instead. We love to do this because somehow it makes us feel good, maybe superior, or productive, when in fact most of our job can and should be automated by people who understand how to build working systems and actually care about the users. We do this in all branches of government, all departments of the executive, and in corporations. With love, America.

    6. Re:And you want government managing healthcare? by schwit1 · · Score: 2

      Corruption, pure and simple. When was the last time a high-ranking government official was fired or jailed for their malfeasance?
      https://www.stripes.com/some-v...

      And what about the IRS scandal? The taxpayers are on the hook for the payouts but Lois Lerner retired with her pension.
      https://www.dailysignal.com/20...

      Add to this that government employees can leave office and then work for the same businesses they regulated the week before.

  5. From the government by AHuxley · · Score: 1

    and we are here to help.
    Extra data fields help the gov help you more.
    Want some more free gov help?
    Fill in all that data to get the free help.

    --
    Domestic spying is now "Benign Information Gathering"
  6. Re:Why dn't we get more assistnce for identity the by AHuxley · · Score: 1

    City, state and federal privacy laws over data collection, networked data sets going back decades.
    To connect photo ID with gov/private sector ID, bank accounts
    Sanctuary city data protection for decade after decade of illegal migrants.
    People using fake and shared US citizenship. Fake education and fake professions. Criminals who have no past.
    Data sets that kind of look like that of a real US citizen but are used by a criminal/someone who needs that fake ID.
    A government would have to link city/state/federal database sets and "discover" all the fake/shared ID creation and use.
    For that everyone would have to have a bank account, photo ID, to show citizenship.

    It wold be a very easy US wide database to set up and then add people to.
    The why not is political. Someone political is protecting everyone using the fake and shared ID in states and cities and don't want to see that detected federally.
    Too much would be discovered. The who and why of that city./state political pressure not to secure US banks, photo ID and citizenship.
    The federal pressure not to allow state and cities more access to federal data sets about US citizenship.

    --
    Domestic spying is now "Benign Information Gathering"
  7. The tech is so simple by imidan · · Score: 1

    Technologically, it's such a simple solution. You create something like a limited database view, you expose it on an API, and you give API keys to the people you want to be able to query it.

    This is trivial technology to us, but to the people actually doing the work, the more likely scenario is that one person gives another a USB key with a giant Excel spreadsheet containing all the details of every person involved.

    Why is it so hard for us to communicate to them that we know how to effect communication in ways that limit exposure of sensitive information? Why does it so often come down to some dumbass passing a .xlsx to some other dumbass? I have done so many consulting jobs where I have received mountains of inappropriate data, and I just ignore it, because what else am I gonna do? I mean, ethically. Obviously, some people just sell it.

    How do tech people who do shit like this, and other shit like store passwords in plain text, still have jobs, after so many years?

  8. desperate by Anonymous Coward · · Score: 0

    your turn

  9. Pork Barrel Effects at Work by Anonymous Coward · · Score: 0

    Private government contractors getting unnecessary access to citizens info is nothing new. The post world war two building boom that made the Trump empire in New York millions also rated potential tenants. They took it a step further with the addition of the letter "C" to indicate undesirable tenants. It would be interesting to see if the private contractor did anything similar with the information so that their potential customers could be rated as to suitability for further sales. Companies that hand out cash for rebuilding or coordinate rebuilding can do all sorts of things with core credit information.

    Without adequate oversight it is inevitable that we can wind up with assholes like the Trumps sucking away at the public purse to get rich.