Homeland Security Secretary Kristi Noem has terminated 24 employees at the Federal Emergency Management Agency (FEMA) following a cyber breach that posed a threat to national security, as announced on Aug. 29.
A cyber hacker infiltrated FEMA systems, but fortunately, no sensitive data was compromised from any Department of Homeland Security (DHS) networks, according to the department. The chief information officer, chief information security officer, and 22 other IT employees at FEMA, who were allegedly responsible for the security lapse, were promptly dismissed.
The investigation revealed significant security vulnerabilities that allowed the hacker to access FEMA’s network, putting the entire Department and the nation at risk. The failures included a lack of multi-factor authentication, use of prohibited legacy protocols, neglecting known vulnerabilities, and poor operational visibility within the agency.
FEMA had allocated nearly half a billion dollars towards IT and cybersecurity measures in fiscal year 2025. The decision to terminate these employees came shortly after nearly 200 current and former FEMA employees raised concerns about the Trump administration’s disaster response changes.
The employees criticized the leadership at FEMA and Noem, expressing worries that the lack of experience among Trump’s appointees could lead to catastrophic events like Hurricane Katrina in 2005. President Trump had previously considered restructuring or even abolishing FEMA, suggesting that states handle disaster responses locally for efficiency.
Noem clarified that the administration aimed to revamp FEMA, rather than completely dismantle it. The ongoing efforts to improve the agency’s operations and response capabilities remain a top priority for the administration.