The Department of Veterans Affairs (VA) announced a data breach jeopardizing the personal information of around 46,000 Veterans. In a statement released on Monday, the VA explains that the Financial Services Center (FSC) found an online application for Veteran’s medical treatment to be the entry point for hackers. According to the statement, “The FSC took the application offline and reported the breach to VA’s Privacy Office.”
Hackers mined the information through social engineering techniques and “exploiting authentication protocols”. This was in effort to divert online health payments and mine data from them. The statement does not explicitly state what specific information was affected. However, the statement is offering free credit monitoring services to “those whose social security numbers may have been compromised”. This potentially implies that payment information may be one of the affected data points.
In efforts to respond to the data breach, the VA will keep system access suspended until they are able to conduct a thorough review of their security. This review will be led by the VA Office of Information Technology. Furthermore, the VA will be sending alerts to all affected parties, including next-of-kin of those who have passed away. The VA advises all affected Veterans to follow the instructions laid out in the letter. They add that “There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident.”