FEMA Statement on the Inadvertent Breach of Private Information
A processing error inadvertently resulted in social security numbers appearing on mailing labels of some Disaster Assistance Employees (DAEs). This breach of private information was tied to a set of letters, reappointing roughly 2,300 DAEs in preparation for the 2007 hurricane season and other disasters. Although the numbers were not clearly identifiable as social security numbers on the labels, which minimizes the risk, FEMA took immediate and aggressive action to protect those employees.
FEMA became aware of the processing error on April 9, 2007, quickly investigated the matter, and implemented immediate mitigating measures. On April 14, FEMA alerted each affected employee with a telephone call to apologize and explain the processing error and the actions being pursued to minimize the impact. This telephone notification was followed by formal letters with the same information, mailed April 16. Affected Disaster Assistance Employees were advised of FEMA's intent to provide credit monitoring protection and actions to prevent a recurrence of such an incident. Also, FEMA has implemented an independent review of internal procedures to ensure further that privacy information is protected and similar errors are prevented.
In addition, FEMA verified the following: there wasn't any electronic release of employees' social security numbers; an identity thief would have to recognize the number on the outside of the envelope was indeed a social security number, then copy it down; and no one person would have had access to all of the numbers, as is the case with a database security breach.
FEMA regrets that the processing error exposed the Disaster Assistance Employees' private information. The agency has purchased identity protection for the affected employees. The agency is making every effort to protect those affected and to prevent such an incident from occurring again in the future.
Last Modified: Monday, 23-Apr-2007 08:43:49 EDT