By an oversight, the U.S. Federal Emergency Management Agency (FEMA) shared with a third party 2.3 million of records of natural disaster survivors, report authors of the book ‘Learn ethical hacking‘, in conjunction with experts from the International Institute of Cyber Security (IICS).
FEMA accidentally shared personal details classified in twenty different categories; because of this incident, the victims now face a greater likelihood of some type of fraud or identity theft, mentioned the U.S. government officials.
According to the authors of ‘Learn ethical hacking’, the third party involved retained the information in their networks about 30 days. The problem is that FEMA cybersecurity specialists have analyzed the systems of the third party involved and found at least 11 vulnerabilities, which means that hackers could have easily accessed the compromised information during the time it stayed at the third party’s networks.
This is the latest in a series of data leak or loss incidents related to U.S. government agencies; In 2015, for example, a group of hackers stole more than 14 million of records belonging to federal employees, including 6 million of biometric samples (fingerprints), the authors of ‘Learn ethical hacking’ mentioned.
A group of legislators has asked FEMA officials for an official statement as to how this recent massive data leak happened. “FEMA’s internal administrator must appear before Congress; we need to know how this happened,” said Kamala Harris, a California Democratic senator.
As people who have been impacted by disasters such as wildfires or hurricanes, this incident leaves them in an even more committed position. Among the victims registered with FEMA are the Americans affected by Hurricanes Harvey, Irma and Maria, as well as the California fires in 2017.
FEMA has permission to share information such as names, dates of birth and social Security numbers (only the last four digits).