The U.S. Department of Veterans Affairs (VA) has announced that they have experienced a data breach. The breach, as of this article’s writing, affects upwards of 26,000 veterans registered with the VA. The breach was uncovered by the Financial Services Center (FSC) as they noticed unauthorized third-party activity in their network.
According to the press release, the investigation has so far revealed the following information and response from the VA:
These unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols. To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology.
The VA office is warning veterans who are likely to have been affected by the breach. Additionally, which is a look into just how deep this breach goes, the U.S. Department of Veteran Affairs is offering free credit monitoring to anyone with compromised Social Security data.
When contacted by members of the press, the VA was fairly tight-lipped about what they think caused the breach. This is understandable as the investigation is still ongoing and is a matter of national security. Security experts did have some commentary on the situation, however, which may shed some light on specific concerns.
Ilia Sotnikov, vice president of product management at Netwrix, had this to say when interviewed by Threatpost’s Tara Seals:
It’s too early to say whether new configurations related to the change to work from home played a role in VA hack or not, but it might be a good reminder for other companies to review decisions made in March and April as they were quickly adopting to the new ways of staying productive… the VA needs to ensure they are taking every security step necessary to not only protect financial data, but also the sensitive personal and healthcare data for the veterans it serves.
Should more developments arise on this Veterans Affairs data breach, they will be reported on.
Featured image: Wikimedia