Leaders at the Federal Emergency Management Agency are apologizing and telling disaster victims to watch their wallets.
FEMA isn't calling this a data breach, a spokesperson referred to the problem as "unnecessarily overshared sensitive, personal identifiable information."
They say some customers' personal info may have been compromised, though it's unclear how many people in Alabama may have been affected.
This month, leaders at FEMA began notifying disaster victims that some of their personal info may be at risk. They say 2.5 million people had their home addresses shared and 1.8 million had their bank accounts overshared.
FEMA leaders say they found the problem and began sending out letters on September 3rd.
It appears to have happened between FEMA and the contractor that supports the transitional sheltering assistance program. It provides hotel rooms to disaster victims who can't go home for an extended period of time after a storm.
FEMA says it hasn't had to activate the transitional sheltering program since 2008 but continued to share the info with the contractor. FEMA spokespeople say the overshared information was quarantined, protected and permanently deleted from the contractor's system.
For 2019, there have been two disaster declarations so far in north Alabama.
One was declared on April 17 for a series of storms, tornadoes, flooding, and straight-line wind events stretching from February 19 all the way to March 20. That declaration covered Colbert, Franklin, Madison, Morgan, Jackson, and DeKalb Counties.
People who've used FEMA assistance should have already received letters instructing them what to do next.