The Federal Emergency Management Agency (FEMA) announced it would provide 18 months of free credit monitoring to disaster survivors who request the service. The announcement came after FEMA revealed roughly 2.5 million people’s banking and home addresses were unnecessarily shared with a third-party contractor from 2008 to 2018. FEMA estimates the contractor had access to 1.8 million banking and home addresses and another 725,000 home addresses.
Backstory
The U.S. Department of Homeland Security – Office of the Inspector General – notified FEMA that it had “unnecessarily overshared sensitive, personally identifiable information of some disaster survivors with its contractor that supports its Transitional Sheltering Assistance program.”
Anyone who applied for housing assistance during the 2012 hurricane – Superstorm Sandy – may have been affected. Moreover, any resident who sought temporary housing from 2008 to 2018 may also be affected. FEMA also unnecessarily shared survivors’ personal information during Hurricane Maria, Harvey, Irma, and the 2017 California wildfires.
FEMA officials described the leaks as a “major privacy incident.” FEMA press secretary Lizzie Litzow also said, “We don’t have any information that it has been compromised detrimentally. (However, we’ve taken) aggressive measures to correct this error. FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system.”
After learning about the breach, Mississippi Congressmen (D) – and chairman of the House Homeland Security Committee – Bennie Thompson said, “This is unacceptable, and FEMA must demonstrate it will do better in the future. Safeguarding the information of Americans already suffering from a disaster should be of the utmost importance.”
Third-Party Contractor
Though FEMA declined to name the contractor, it runs the FEMA Transitional Sheltering Assistance program – providing housing and accommodations for victims who cannot return to their homes following a disaster.
FEMA originally shared survivors’ banking and personal information with the contractor to reimburse victims for lodging costs incurred during a disaster. Unfortunately, the reimbursement program was amended in 2008, and FEMA was still providing the information even though it was no longer necessary.
To rectify the issue, FEMA said it has removed all of the information from the contractor’s system and performs a security assessment to ensure there are no loose ends. The agency is also reviewing its data-sharing protocols.
How to Request Free Credit Monitoring
On September 3, 2019, FEMA sent letters to disaster survivors notifying them of the breach and how to register for free credit monitoring.
Through its provider – MyIDCare – you can sign up for 18 months of free service by calling 1-833-300-6934 or applying online through its website. A redemption code is provided at the top right-hand corner of every letter. You can also contact FEMA directly – using the telephone number above – to request more information. Operators are standing by Monday through Saturday from 9 a.m. to 9 p.m.
Keep in mind that your free subscription ends after 18 months. However, you can renew the plan – at your own cost – after the 18-month period ends.