Quick Hits

*** The Federal Emergency Management Agency released sensitive information on 2.3 million disaster survivors in 2017 to a contractor despite policies governing the disclosure of such data. The information released covered survivors of Hurricanes Harvey, Irma and Maria and the California wildfires, and included detailed banking information.

A system for FEMA's Transitional Sheltering Assistance was responsible, according to a report released March 22 by the Department of Homeland Security Inspector General. The program connects disaster survivors with temporary lodging at hotels in order to get people out of emergency shelters.

In reply comments, FEMA said it began work on mitigating this data leak after reviewing a draft version of the OIG report in November 2018. The problem originated in part because the program maintained a requirement to collect bank information even though it was no longer necessary. FEMA indicated that it had stopped sharing certain data elements with its contractor and had rewritten its contract to require certain cybersecurity measures in December 2018 and followed that up with a penetration test in February 2019. According to DHS, that test yielded 11 vulnerabilities, only four of which have been remediated.

*** Sen. Mike Enzi (R-Wyo.), chairman of the Senate Budget Committee, is proposing to freeze budgets on the civilian side of the federal government as part of a plan to lower deficits and reduce the national debt. The five-year resolution would stick to existing budget caps through fiscal year 2021; after that defense spending gets inflation-level increases while non-defense spending would be capped at 2021 levels through 2024. The resolution also calls for an increase in retirement contributions by federal employees.