Connect with us

Hi, what are you looking for?



Personal Information of 46,000 U.S. Veterans Exposed in Data Breach

The personal information of roughly 46,000 veterans was affected in a recent security incident, the U.S. Department of Veterans Affairs (VA) Office of Management said in a Monday statement.

The personal information of roughly 46,000 veterans was affected in a recent security incident, the U.S. Department of Veterans Affairs (VA) Office of Management said in a Monday statement.

The data breach involved an online application pertaining to the Financial Services Center (FSC), which was accessed by “unauthorized users to divert payments to community health care providers for the medical treatment of Veterans.”

The application was taken offline and the incident reported to VA’s Privacy Office.

An investigation into the incident has revealed that the hackers modified financial information once they were able to access the application. By using social engineering and exploiting authentication protocols, the attackers were then able to divert payments from the VA.

“To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology,” the VA reveals.

The FSC also started alerting the affected veterans of the incident and the potential compromise of personal information. For those who are deceased, the next-of-kin are being alerted.

Veterans who might have had their social security numbers compromised in the incident are being offered access to credit monitoring services, the Department of Veterans Affairs said.

Advertisement. Scroll to continue reading.

Only veterans who receive the breach notification should take action to protect their data, as instructed in the letter they receive. Other veterans were not affected by the data breach.

“Given that the loss of records safeguarded by the federal government has been in batches of hundreds of thousands, or even millions in recent memory, it is probably a relief to someone somewhere that this breach accounts for less than fifty thousand,” Tim Wade, Technical Director, CTO Team at Vectra, said in an emailed comment.

“That we’re framing this loss in that context just further underscores the need for federal systems to rapidly modernize IT security capabilities. Leadership at the top must take accountability, and cultural changes must occur, if we are to expect these patterns to abate,” Wade continued.

Related: Freepik Discloses Data Breach Impacting 8.3 Million Users

Related: LiveAuctioneers Data Breach Impacts 3.4 Million Users

Related: San Francisco Employees’ Retirement System Discloses Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...