(Bloomberg) -- The Federal Emergency Management Agency improperly released the personal data of 2.3 million survivors of hurricane and wildfire disasters to a contractor, the Department of Homeland Security’s internal watchdog said late Friday.

Personal details including individuals’ home addresses and bank account numbers were improperly given to a contractor hired by FEMA to provide victims of hurricanes Harvey, Irma, and Maria and California wildfires, all of which occurred in 2017, with temporary housing, according to a memo released by the Homeland Security department’s Office of Inspector General.

The disclosures were made “in direct violation of Federal and DHS requirements,” and the watchdog recommended FEMA take action to prevent improper releases in the future. More than 20 types of “unnecessary” information was released by the agency, including six “sensitive” data types. The release put the 2.3 million survivors at greater risk of identity theft and fraud, according to the report, which did not name the contractor.

FEMA, in a response included in the report, said it concurred with the recommendations and was taking “corrective actions.”

“FEMA has taken aggressive action to mitigate the issues raised within this report and strengthen the protection of survivor data,” Joel Doolin, a FEMA associate administrator, said in its response.

To contact the reporter on this story: Ryan Beene in Washington at rbeene@bloomberg.net

To contact the editors responsible for this story: Jon Morgan at jmorgan97@bloomberg.net, John Harney

©2019 Bloomberg L.P.