Data Breach at the VA: What We Know
On September 14th, the Department of Veterans Affairs (VA) Office of Management announced a data breach involving the personal information of approximately 46,000 Veterans.
Here’s What We Know
The VA’s Financial Services Center (FSC) determined that one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the medical treatment of Veterans. Their initial review indicates that the unauthorized users gained access to the application, changed financial information, and then used social engineering techniques to exploit authentication protocols.
FSC Takes Action
The FSC took the application offline and immediately reported the breach to the VA’s Privacy Office. To prevent any further unauthorized access, all access to the application has been disabled until a comprehensive security review is completed by the VA Office of Information Technology.
The FSC is alerting the affected veterans and their family members of the potential risk posed to their personal information. The VA also announced that it is offering access to credit monitoring services at no cost to those whose social security numbers may have been compromised.
Veterans who receive a letter indicating that their information may have been breached are advised to follow the instructions in the letter to protect their data. If you do not receive a letter from the VA about this issue, then your information has likely not been compromised.
Any of you who do receive a letter can direct specific questions to the FSC Customer Help Desk:
- Via Email: VAFSCVeteransSupport@va.gov
- Postal mail: VA FSC Help Desk, Attn: Customer Engagement Center, P.O. Box 149971, Austin, TX 78714-9971
Protect Yourself and Your Data
The compromised application has remained unnamed and a timeline for the breach has not been provided. Remain vigilant and keep an eye on your data. If something seems off, a good first move is changing your passwords on any and all VA related accounts.
Finally, the FSC indicated that social engineering was involved in the breach. That means that the unauthorized users exploited what little information they may have had and used it to extract more information until they could put all the puzzle pieces together and replicate your identity.
When it comes to protecting your personal information, never give away information over the phone. Legitimate contact from government agencies will happen through the mail, just like the IRS will not call you and ask you to buy iTunes gift cards. Always be suspicious of phone calls from people telling you they’re from the government.
I sure hope I don’t get a letter in the mail! But again, if you do, please direct specific questions to the FSC Customer Help Desk:
- Via Email: VAFSCVeteransSupport@va.gov
- Postal mail: VA FSC Help Desk, Attn: Customer Engagement Center, P.O. Box 149971, Austin, TX 78714-9971
(Image courtesy of Sergey Nivens via www.123rf.com)
RELATED:
- Watchdog Reports Troops May Not Be Receiving Adequate Health Care
- Largest VA Budget Proposal Passes House
- President Trump Signs Two Veteran-Supporting Laws
- Military Impact of Payroll Tax Deferral
- More Provider Choices for Some TRICARE Recipients
About the author
Lori Waddell serves as Co-director of an emergency response COAD in Montana, a freelance writer, and an Air Force Key Spouse. She is passionate about empowering communities and individuals through knowledge and resources. She currently lives in Montana with her husband and two children.