The U.S. Federal Emergency Management Agency (FEMA) exposed 2.3 million disaster survivors to possible identity theft and fraud by improperly sharing sensitive personal information with an outside company, according to an internal government watchdog. The U.S. Department of Homeland Security’s Office of Inspector General (OIG) said FEMA had shared financial records and other sensitive information of people who had participated in an emergency shelter program after being displaced by hurricanes Harvey, Irma and Maria and the California wildfires in 2017. The Inspector General’s office said FEMA had shared participants’ home addresses and bank account information with the contractor, along with necessary information like their names and birthdates. That “has placed approximately 2.3 million disaster survivors at increased risk of identity theft and fraud,” the Inspector General’s office said in a report. The name of the contactor was redacted.