FEMA

FEMA

FEMA stated that they mistakenly exposed the personal information, including addresses and bank account information, of 2.3 million disaster victims.

The breach occurred because FEMA did not ensure a private contractor only received the information it required to perform its official duties.

The victims affected include survivors of Hurricanes Harvey, Irma, and Maria and the 2017 California wildfires.

The report found FEMA's failure to protect their data put them at risk of identity theft and fraud.

According to the report, some of the data collected, such as addresses and Social Security numbers, were necessary to give aid. but other information, like electronic bank account information, was not considered necessary.

Source: https://www.cbsnews.com/news/fema-data-breach-exposed-personal-information-of-2-3-million-disaster-victims/

TPRM report: https://scoringcyber.rankiteo.com/company/fema

"id": "fem74612323",
"linkid": "fema",
"type": "Breach",
"date": "03/2019",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 2300000,
                        'industry': 'Public Sector',
                        'location': 'United States',
                        'name': 'FEMA',
                        'type': 'Government Agency'}],
 'attack_vector': 'Oversharing of Data',
 'data_breach': {'number_of_records_exposed': 2300000,
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Addresses',
                                              'Bank Account Information',
                                              'Social Security Numbers']},
 'description': 'FEMA mistakenly exposed the personal information, including '
                'addresses and bank account information, of 2.3 million '
                'disaster victims due to oversharing with a private '
                'contractor.',
 'impact': {'data_compromised': ['Addresses',
                                 'Bank Account Information',
                                 'Social Security Numbers'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'lessons_learned': 'Ensure that only necessary data is shared with '
                    'contractors to perform their official duties.',
 'post_incident_analysis': {'corrective_actions': 'Review and tighten data '
                                                  'sharing practices.',
                            'root_causes': 'Oversharing of data with a private '
                                           'contractor.'},
 'recommendations': 'Implement strict data sharing policies and procedures to '
                    'prevent oversharing of sensitive information.',
 'title': 'FEMA Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Improper Data Handling'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.