Threat Intelligence

FEMA cyber breach exposes employee data

Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code

A major cybersecurity breach at the Federal Emergency Management Agency exposed employee data from both FEMA and U.S. Customs and Border Protection, according to Nextgov/FCW.

The attack began June 22 when hackers exploited compromised credentials to access FEMA's Citrix virtual desktop infrastructure, later exfiltrating data from Region 6 servers, which oversee five southern states and nearly 70 tribal nations.

The Department of Homeland Security said FEMA's IT staff had failed to enforce basic protections such as multi-factor authentication, fix critical vulnerabilities, and address known risks, which led to their dismissal on Aug. 29. DHS Secretary Kristi Noem accused senior FEMA technology officers of resisting audits and misleading officials.

The flaw, linked to the CitrixBleed 2.0 vulnerability, has been widely publicized for allowing attackers to bypass authentication controls. FEMA has since overhauled its IT structure, naming acting CIO Diego Lapiduz to lead recovery efforts while additional security measures and staff restructuring are underway.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds