FEMA disclosed private data of more than a couple of million survivors with a federal contractor, meant to help find housing. But it's not just name a cell number--no, they got electronic funds transfer numbers and other banking numbers that may increase the survivors risk of identity theft and other forms of fraud.
FEMA still hasn't completely fixed the problem, and may not for more than a year ...
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468
Once again, it has been identified, detected and the nation and authorities have responded - but the current processes are too slow, as it takes time to ascertain the damage, implications and assess the appropriation prosecution - by that time - it could be years, before it is resolved. This is too slow.
This is really no different than using the same password on many web sites. EFT numbers really should be uniquely generated for each business relationship and there should be a way to invalidate just one relationship. As it stands today, each of those millions of people are now facing a new bank account, ordering new checks and reworking all their auto-pays.
SSNs are no different either. To the extent they they are used for authorization (as opposed to simply identification), they should either be unique per transaction or should periodically be changed.