Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Personal Information of 46,000 U.S. Veterans Exposed in Data Breach

The personal information of roughly 46,000 veterans was affected in a recent security incident, the U.S. Department of Veterans Affairs (VA) Office of Management said in a Monday statement.

The personal information of roughly 46,000 veterans was affected in a recent security incident, the U.S. Department of Veterans Affairs (VA) Office of Management said in a Monday statement.

The data breach involved an online application pertaining to the Financial Services Center (FSC), which was accessed by “unauthorized users to divert payments to community health care providers for the medical treatment of Veterans.”

The application was taken offline and the incident reported to VA’s Privacy Office.

An investigation into the incident has revealed that the hackers modified financial information once they were able to access the application. By using social engineering and exploiting authentication protocols, the attackers were then able to divert payments from the VA.

“To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology,” the VA reveals.

The FSC also started alerting the affected veterans of the incident and the potential compromise of personal information. For those who are deceased, the next-of-kin are being alerted.

Veterans who might have had their social security numbers compromised in the incident are being offered access to credit monitoring services, the Department of Veterans Affairs said.

Only veterans who receive the breach notification should take action to protect their data, as instructed in the letter they receive. Other veterans were not affected by the data breach.

“Given that the loss of records safeguarded by the federal government has been in batches of hundreds of thousands, or even millions in recent memory, it is probably a relief to someone somewhere that this breach accounts for less than fifty thousand,” Tim Wade, Technical Director, CTO Team at Vectra, said in an emailed comment.

“That we’re framing this loss in that context just further underscores the need for federal systems to rapidly modernize IT security capabilities. Leadership at the top must take accountability, and cultural changes must occur, if we are to expect these patterns to abate,” Wade continued.

Related: Freepik Discloses Data Breach Impacting 8.3 Million Users

Related: LiveAuctioneers Data Breach Impacts 3.4 Million Users

Related: San Francisco Employees’ Retirement System Discloses Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.