A FEMA spokesperson told the Associated Press that the calls were made to a number of countries in the Middle East and Asia, including India, Yemen, Afghanistan and Saudi Arabia. The hack was later discovered by Sprint, which then blocked outgoing calls from the number.
The security shortcoming was traced back to a known flaw in the voicemail system which had even sparked a bulletin from the Department of Homeland Security in 2003.
Though a fix for the hole had been available for several years, the vulnerability was left open when a contractor installed an upgrade to the system.
FEMA said that the hole has since been fixed.