By an oversight, the U.S. Federal Emergency Management Agency (FEMA) shared with a third party 2.3 million of records of natural disaster survivors, report authors of the book ‘Learn ethical hacking‘, in conjunction with experts from the International Institute of Cyber Security (IICS).
FEMA accidentally shared personal details
classified in twenty different categories; because of this incident, the
victims now face a greater likelihood of some type of fraud or identity theft,
mentioned the U.S. government officials.
According to the authors of ‘Learn ethical
hacking’, the third party involved retained the information in their networks
about 30 days. The problem is that FEMA cybersecurity specialists have analyzed
the systems of the third party involved and found at least 11 vulnerabilities,
which means that hackers could have easily accessed the compromised information
during the time it stayed at the third party’s networks.
This is the latest in a series of data
leak or loss incidents related to U.S. government agencies; In 2015,
for example, a group of hackers stole more than 14 million of records belonging
to federal employees, including 6 million of biometric samples (fingerprints),
the authors of ‘Learn ethical hacking’ mentioned.
A group of legislators has asked FEMA officials
for an official statement as to how this recent massive data leak
happened. “FEMA’s internal
administrator must appear before Congress; we need to know how this happened,”
said Kamala Harris, a California
Democratic senator.
As people who have been impacted by disasters
such as wildfires or hurricanes, this incident leaves them in an even more
committed position. Among the victims registered with FEMA are the Americans
affected by Hurricanes Harvey, Irma and Maria, as well as the California fires
in 2017.
FEMA has permission to share information such
as names, dates of birth and social Security numbers (only the last four
digits).
