Citrix remote access tool
FEMA, Customs and Border Protection Staff Data Stolen in Breach
Insurance Journal · 2025-10-01 05:01
Core Insights
- A hacker accessed the Federal Emergency Management Agency's (FEMA) networks for several months, stealing sensitive employee information [1][4][6]

Incident Overview
- The Department of Homeland Security (DHS) informed FEMA on July 7 about the breach, which occurred through Citrix Systems Inc.'s remote desktop software using compromised credentials [2]
- The breach affected FEMA's Region 6, which includes Arkansas, Louisiana, New Mexico, Oklahoma, and Texas, with data stolen from servers in that region [2][5]
- The hacker was active in the network from June 22 until August 5, 2023 [5]

Response and Consequences
- Following the breach, DHS Secretary Kristi Noem terminated two dozen FEMA employees, including several IT executives, citing failures in cybersecurity protocols [3][6]
- FEMA disconnected the Citrix remote access tool for Region 6 on July 16 and mandated multifactor authentication for employees [5]
- Noem criticized the agency's IT leadership for incompetence, highlighting a lack of multifactor authentication as a significant issue [6]

Data Compromised
- The hacker successfully accessed Microsoft Corp.'s Active Directory, which is used for managing access control, and stole information about employees from both FEMA and Customs and Border Protection [4][6]
- Although Noem stated that no sensitive data was extracted from DHS networks, the internal investigation later confirmed that federal employee identity data had been stolen [6]