The personal information of roughly 46,000 veterans was affected in a recent security incident, the U.S. Department of Veterans Affairs (VA) Office of Management said in a Monday statement.
The data breach involved an online application pertaining to the Financial Services Center (FSC), which was accessed by “unauthorized users to divert payments to community health care providers for the medical treatment of Veterans.”
The application was taken offline and the incident reported to VA’s Privacy Office.
An investigation into the incident has revealed that the hackers modified financial information once they were able to access the application. By using social engineering and exploiting authentication protocols, the attackers were then able to divert payments from the VA.
“To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology,” the VA reveals.
The FSC also started alerting the affected veterans of the incident and the potential compromise of personal information. For those who are deceased, the next-of-kin are being alerted.
Veterans who might have had their social security numbers compromised in the incident are being offered access to credit monitoring services, the Department of Veterans Affairs said.
Only veterans who receive the breach notification should take action to protect their data, as instructed in the letter they receive. Other veterans were not affected by the data breach.
“Given that the loss of records safeguarded by the federal government has been in batches of hundreds of thousands, or even millions in recent memory, it is probably a relief to someone somewhere that this breach accounts for less than fifty thousand,” Tim Wade, Technical Director, CTO Team at Vectra, said in an emailed comment.
“That we’re framing this loss in that context just further underscores the need for federal systems to rapidly modernize IT security capabilities. Leadership at the top must take accountability, and cultural changes must occur, if we are to expect these patterns to abate,” Wade continued.
Related: Freepik Discloses Data Breach Impacting 8.3 Million Users
Related: LiveAuctioneers Data Breach Impacts 3.4 Million Users
Related: San Francisco Employees’ Retirement System Discloses Data Breach