SANTA ROSA -- The Federal Emergency Management Agency says it accidentally shared the personal information of millions of natural disaster victims, including wildfire victims in California.
While FEMA says there is no evidence anyone was hacked, fire victims' information is now vulnerable.
"When you lose everything and starting from scratch, rebuilding is difficult in itself," said Sylvia Parkinson, who survived the Tubbs Fire.
Parkinson says her’s was the eleventh home rebuilt in Coffey Park after the devastating 2017 Wine Country wildfires. She said the road to recovery has been marked by obstacles she didn’t see coming.
"I’m trying to move forward and get past this," Parkinson told FOX40.
She and others learned FEMA accidentally "overshared" the personal information of nearly two and a half million natural disaster survivors with a private contractor. That includes thousands of Wine Country wildfire victims.
According to a Department of Homeland Security report, FEMA shared social security numbers, bank accounts and even bank routing numbers.
Coffey Strong, a neighborhood support group for victims of the 2017 Tubbs Fire, discussed the security breach at their monthly meeting Monday.
"It’s just another thing. It’s the old saying from 'Rocky:' 'It’s not how many times you get knocked down, it’s how many times you get back up.' Because we've been knocked down so many times that we've lost count," said Coffey Strong President Jeff Okrepkie. "We’re just doing the personal things of closing down accounts. Changing money from one account to another to make sure it’s safe."
Data experts told FOX40 that's the right move, especially because FEMA won’t say who the contractor is that now has fire victims' personal information.
"We don’t know what security policies they have in order to prevent their own breach or loss of that data," said cybersecurity expert Don Vilfer.
One FEMA official FOX40 spoke with acknowledged anyone who used the agency’s Transitional Sheltering Assistance program had some data mistakenly shared.
In a statement the agency said:
"Since discovery of this issue, FEMA has taken aggressive measures to correct this error. FEMA is no longer sharing unnecessary data with the contractor. ... FEMA has found no indicators to suggest survivor data has been compromised."
"It’s just something else we just move through," Okrepkie said. "You just keep going forward and don’t let it affect you because if you do you’re letting that fire from October 2017 dictate your life and you just can’t let that happen."
Though FEMA didn’t release the name of the contractor they shared data with they say they’re working with them to get that data back.