The Department of Veterans Affairs (VA) has disclosed today a security breach during which the personal information of around 46,000 veterans was obtained by a malicious third-party.
Officials said the breach took place after “unauthorized users” accessed an online application managed by the VA Financial Services Center (FSC).
The VA said the hackers used “social engineering techniques” and exploited the “authentication protocol” to gain access to the FSC app and then divert VA payments intended for healthcare providers for the medical treatment of US veterans.
While officials are still investigating the incident, the VA believes that the hackers might have also accessed veteran records, including Social Security numbers.
“To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information,” the VA said in a press release on Monday. “The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised.”
To prevent further intrusions and possible payment order hijacks, VA officials said they took down the compromised FSC app and do not intend to bring it back up until after a “comprehensive security review.”
This is the second security breach announced by the VA in its history. The first one took place in 2006 when an unknown party stole a laptop and an external hard drive containing the personal records of 26 million veterans during an employee’s house robbery. A subsequent Inspector General report found the VA guilty for acting “with indifference and little sense of urgency” after the loss of the computer hardware.