Data Breach at VA" width="708" height="472" />
On September 14th, the Department of Veterans Affairs (VA) Office of Management announced a data breach involving the personal information of approximately 46,000 Veterans.
The VA’s Financial Services Center (FSC) determined that one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the medical treatment of Veterans. Their initial review indicates that the unauthorized users gained access to the application, changed financial information, and then used social engineering techniques to exploit authentication protocols.
The FSC took the application offline and immediately reported the breach to the VA’s Privacy Office. To prevent any further unauthorized access, all access to the application has been disabled until a comprehensive security review is completed by the VA Office of Information Technology.
The FSC is alerting the affected veterans and their family members of the potential risk posed to their personal information. The VA also announced that it is offering access to credit monitoring services at no cost to those whose social security numbers may have been compromised.
Veterans who receive a letter indicating that their information may have been breached are advised to follow the instructions in the letter to protect their data. If you do not receive a letter from the VA about this issue, then your information has likely not been compromised.
Any of you who do receive a letter can direct specific questions to the FSC Customer Help Desk:
The compromised application has remained unnamed and a timeline for the breach has not been provided. Remain vigilant and keep an eye on your data. If something seems off, a good first move is changing your passwords on any and all VA related accounts.
Finally, the FSC indicated that social engineering was involved in the breach. That means that the unauthorized users exploited what little information they may have had and used it to extract more information until they could put all the puzzle pieces together and replicate your identity.
When it comes to protecting your personal information, never give away information over the phone. Legitimate contact from government agencies will happen through the mail, just like the IRS will not call you and ask you to buy iTunes gift cards. Always be suspicious of phone calls from people telling you they’re from the government.
I sure hope I don’t get a letter in the mail! But again, if you do, please direct specific questions to the FSC Customer Help Desk:
(Image courtesy of Sergey Nivens via www.123rf.com)