In March 2019, the U.S. Department of Homeland Security Office of the Inspector General reported that FEMA had unnecessarily overshared sensitive, personally identifiable information of some disaster survivors with its contractor that supports its Transitional Sheltering Assistance program. In response to this incident, FEMA acted quickly to ensure that overshared information was quarantined, protected, and permanently removed from the contractor’s system.
FEMA continues to assure disaster survivors that it has not found any evidence that any of the overshared information was compromised. The agency announced on September 3 that out of an abundance of caution, it will provide credit monitoring services for a period of 18 months to affected survivors who request the service. Instructions on how to contact FEMA, request free credit reporting, or register for free credit monitoring will be identified in a FEMA notification letter sent to affected disaster survivors.
FEMA is likely paying millions for credit monitoring! Not only did they add insult to injury for the victims of the wildfires last year, but now the cost of remediation for the data breach is becoming clear. There are simple/cost effective solutions to prevent data loss for this kind of insider threat! Is FEMA implementing a solution to prevent further data loss as the IG report on the incident requires?