ORANGE COUNTY, Texas — Recently, FEMA sent out letters to several in Southeast Texas, alerting people of a "privacy incident." The Orange County Office of Emergency Management took to Facebook to let residents know, it's not a scam.
In the letter, FEMA states that it overshared disaster survivor information with a contractor who helps with their Transitional Sheltering Assistance (TSA) program. Anyone who received the letter is listed as someone who was affected by a "Presidentially-declared disaster," and were eligible for assistance through the TSA program. They determined recipients' personal infomration was impacted by the "privacy incident."
They go on to explain that the TSA program provides hotel accommodations for disaster survivors who are not able to return home for an extended period. They use contractors to administer the program. The letter explains that a version of FEMA assistance required sharing banking and address information with the contractor to reimburse people directly for lodging, rather than paying lodging providers directly.
That program hasn't been activated since 2008, when they started paying lodging providers directly through the contractor. However, FEMA continued to share the same level of information previously required. This resulted in the "oversharing" of survivor information.
The Department of Homeland Security (DHS) Office of Inspector General (OIG) audited FEMA's TSA program, and discovered that FEMA was sharing more information than necessary; i.e., banking and home address information.
FEMA claims they did their own "extensive review of the incident," and determined it "overshared the address information of 2.5 million individuals with the contractor." Of those, about 1.8 million also had their banking information shared. They believe any Individual Assistance (IA) applicant who shared their address and banking information at the time they registered for FEMA assistance since 2008, and were eligible for TSA, may have had their information transferred to the contractor.
FEMA said they're working to protect the information of survivors, and prevent similar incidents from occurring in the future. Their offering credit monitoring and identity protection services to "all individuals who were affected by the privacy incident." They've set up a web page to give notice to individuals, along with remediation options.
They've also arranged to have MyIDCare provide credit monitoring services to help protect the identities of those affect for free. Sign-up can be done over the phone at 1-833-300-6934 or on their website.
Candice Travis, a letter recipient, said that's not enough.
"I think they should actually look into more of our credit and make sure that nothing was touched and if it was touched, fix it," Travis said.
She believes her credit has been impacted, and her trust in FEMA has been broken.
"I think it hurt a lot of people's credit, not just mine, it hurt a lot of other people," Travis said.