Breach Brief – FEMA, Dealer Leads

Published On September 18, 2019 | By Tom Huskerson | Breach Briefs

Federal Emergency Management Agency

As if your life isn’t screwed up enough after a natural disaster now you have to deal with a federal agency that spilled your personal data.

The Federal Emergency Management Agency (FEMA) admitted that for the last decade it has unnecessarily exposed the personally identifiable information of roughly 2.5 million disaster victims to a third-party contractor.

FEMA is notifying 2.5 million people their personal information was shared with a third party contractor that supports its transitional sheltering assistance program. Disaster victims who applied for temporary housing assistance between 2008 and 2018 may have been impacted. As many as 1.8 million people had there banking information exposed as a result of the breach. FEMA does not believe that any of the data was used for malicious purposes.

FEMA sent the contractor specific data to verify survivors’ eligibility for disaster assistance and lodging. That information included full names, dates of birth, eligibility start and end date, a FEMA registration number, and the last four digits of survivors’ Social Security numbers.

However the Office of the Inspector General (OIG) report found that FEMA also shared as many as 20 additional and unnecessary data fields with the contractor. This included six that contain particularly sensitive information, like survivor’s full home addresses, bank name, electronic funds transfer number, and bank transit number.

FEMA’s explanation for the breach is that it originally shared survivor’s banking and home address information with the TSA contractor in order to reimburse disaster victims for their incurred lodging costs. The reimbursement program was shut down in 2008 and housing payments have been paid directly through FEMA. But FEMA carelessly continued to share the same information with the contractor, even though it was no longer needed.

In response to the breach FEMA has permanently deleted the data from the contractor’s system, is revising its data sharing process and conducting a security assessment of the contractor computer system.

FEMA is also offering 18 months of free credit monitoring services to those affected by the breach. You can sign up using MyIDCare or calling FEMA directly at 1-833-300-6934. Operators are on duty Monday through Saturday from 9 a.m. to 9 p.m.

Dealer Leads

Are you looking for a new car? Did you buy a new or used car? Well congratulations your data has been exposed. An internet security researcher found an unsecured database of 198 million car buyers’ just sitting there online.

The information contained a lot of sensitive car buyer information. But before you panic there’s no evidence that the data was stolen by hackers. Thankfully the security guy found the database first.

Our hero is Jeremiah Fowler, senior security researcher at Fowler found the unsecured database contained records with the names, emails, phone numbers, addresses, IPs and other sensitive or identifiable information. The information was not encrypted so it was viewable in plain text.

As Fowler worked to track down the owner of the database he discovered it held information from multiple websites. After more investigation he discovered that the websites all linked back to Dealer Leads.

Dealer Leads is digital marketing company that helps small car-dealer franchises generate leads through websites Dealer Leads created or bought.

Dealer Leads has since secured the database after being informed by Fowler of the situation. Thanks guys. That was close!

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.