According to the Associated Press, someone placed over 400 calls through FEMA's National Emergency Training Center in Emmitsburg, Md., to several countries in the Middle East.
FEMA is a part of the Department of Homeland Security.
The hacker took advantage of a newly installed voice-mail system. FEMA's CIO, Jeanne Etzel, is investigating the incident, according to FEMA spokeswoman Debbie Wing.
The preliminary results of the investigation suggest that a contractor involved with the installation of the voice-mail system appears to have been responsible for the system's misconfiguration, Wing said.
Wing said that FEMA became aware of the unauthorized calls on Saturday, Aug. 16, and that technicians promptly made the necessary corrections. She said she didn't have any information about whether one person or several were responsible for the more than 400 unauthorized calls.
Wing said she too had seen the $12,000 cost figure reported but couldn't immediately confirm it. She also said that she was unsure about whether FEMA would end up paying for the calls. She said that she expected the agency would try to work something out with its telecom service provider.
Last year, hackers broke into dozens of computers at the Department of Homeland Security and spirited sensitive data to China. Government investigators blamed a government contractor, Unisys, for failing to deploy intrusion detection systems.
Unisys issued a statement disputing the allegations, noting that it could not fully respond due to federal security regulations that "preclude public comment on specific incidents."