The DHS cybersecurity review revealed major flaws such as lack of multi-factor authentication, use of prohibited protocols, and unaddressed vulnerabilities, which hackers exploited before they could be fully remediated.

The U.S. Department of Homeland Security announced a cybersecurity breach at FEMA, leading to the firing of 24 IT staff members, including top officials like the CIO and CISO, due to security failures that allowed hackers to access FEMA networks.

A routine cybersecurity review uncovered these major flaws, but no sensitive data was stolen before the vulnerabilities were addressed.

DHS Secretary Kristi Noem criticized FEMA's IT leadership for incompetence, accusing them of downplaying the breach, resisting security fixes, and lying about vulnerabilities, which she said threatened national security.

The breach is linked to a recent global hack involving Microsoft SharePoint, though it's unclear if FEMA was directly impacted.

While the exact timeline and methods of the breach remain undisclosed, the incident underscores the serious consequences of cybersecurity lapses in critical government infrastructure.

FEMA IT staff resisted efforts to fix security issues, avoided inspections, and lied about the scope of vulnerabilities, according to DHS allegations.

The incident has fueled internal dissent within FEMA, with warnings from employees about inexperience among top leadership potentially causing disaster, reminiscent of Hurricane Katrina.

Concerns about FEMA's leadership have been ongoing, with some longtime officials surprised by the firings and questioning the competence of those ousted.

Despite the security issues, FEMA has extended a hiring freeze through at least the end of 2025, even during peak hurricane season, while DHS emphasizes its commitment to disaster response.

The incident occurs amid broader political debates, with former President Trump expressing intentions to eliminate FEMA and shift disaster funds through his own office, raising questions about future disaster response capabilities.

DHS emphasized that the dismissals were necessary to protect national security and highlighted the importance of cybersecurity measures in safeguarding federal agencies.