U.S. Department of Veterans Affairs experiences data breach

The U.S. Department of Veterans Affairs (VA) has announced that they have experienced a data breach. The breach, as of this article’s writing, affects upwards of 26,000 veterans registered with the VA. The breach was uncovered by the Financial Services Center (FSC) as they noticed unauthorized third-party activity in their network.

According to the press release, the investigation has so far revealed the following information and response from the VA:

These unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols. To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology.

The VA office is warning veterans who are likely to have been affected by the breach. Additionally, which is a look into just how deep this breach goes, the U.S. Department of Veteran Affairs is offering free credit monitoring to anyone with compromised Social Security data.

When contacted by members of the press, the VA was fairly tight-lipped about what they think caused the breach. This is understandable as the investigation is still ongoing and is a matter of national security. Security experts did have some commentary on the situation, however, which may shed some light on specific concerns.

Ilia Sotnikov, vice president of product management at Netwrix, had this to say when interviewed by Threatpost’s Tara Seals:

It’s too early to say whether new configurations related to the change to work from home played a role in VA hack or not, but it might be a good reminder for other companies to review decisions made in March and April as they were quickly adopting to the new ways of staying productive... the VA needs to ensure they are taking every security step necessary to not only protect financial data, but also the sensitive personal and healthcare data for the veterans it serves.

Should more developments arise on this Veterans Affairs data breach, they will be reported on.

Featured image: Wikimedia

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Find what you need: Using PowerShell to parse Windows log files

There’s a lot of information in log files. Maybe too much information. Use PowerShell to…

17 hours ago

How to quickly check the status of all your Azure services

Error messages don’t always tell you what caused the problem with Azure.. Azure services status…

21 hours ago

Future-proofing operations with AI-powered predictive analytics

Is your organization faced with making tough decisions about staffing, remote work, and other matters?…

24 hours ago

3 startups leveraging the power of AI to modernize enterprises

With artificial intelligence, there’s no looking back. And these forward-looking startups are at the leading…

2 days ago

Mental health patients blackmailed following major hack in Finland

There are fewer things more evil than blackmailing patients of a psychotherapy clinic. But this…

2 days ago

Attracting IT pros with great tech talent in the time of COVID-19

COVID-19 has forced many to shelter-in-place — including IT pros who might otherwise look for…

2 days ago