Personal Data on 46K American Vets Exposed
The U.S. Department of Veterans Affairs (VA) Office of Management reported that the agency suffered a data breach. The personal information of about 46,000 US veterans was exposed when hackers exploited an online application. The initial investigation determined that the attackers gained access to the application and changed data to steal payments that the VA was sending to healthcare providers.
“An online application was exploited, and payments diverted from community health care providers,” said the VA in a statement. “A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols.” The Financial Services Center (FSC) has taken the application offline while the investigation is ongoing.
FSC is notifying all veterans affected by the data breach. If the veteran is deceased, their next of kin will be notified instead. The application has been taken offline until the review can be completed and the form secured.
How the VA Data Breach Happened
The hackers gained access to the application through social engineering. Social engineering is a common attack vector used to gain information about a victim. Social engineering includes tactics such as gleaning personal information from social media sites, collecting email addresses from corporate websites, or taking information from public records.
The more personal information the attacker includes in a phishing email or other message, the more likely the victim is to believe the message is legitimate. Phishing emails commonly include the victim’s first name, a password used for another online account, their employer’s name, or other personalized information. It is all used to make a phishing email seem like it comes from someone the target knows. The goal is to get the reader to follow the instructions in the email.
Some scammers may even call the victim and scare them into sending money.
United States Department of Veterans Affairs
The United States Department of Veterans Affairs (VA) was created to provide health services and benefits to eligible military veterans.
VA Data Breach – How Do I Protect Myself?
If you are a US Veteran and have not received a notification from the VA, then you are not affected by this data breach. However, Veterans Affairs and FSC have not disclosed exactly what information was stolen by hackers. All Veterans should monitor their credit reports, bank accounts, and credit cards.
A quality monitoring service can alert Vets to suspicious activity, such as identity theft, financial theft or other fraud, before any real damage is done.
The VA is offering credit monitoring services to those Veterans whose Social Security number was compromised. Everyone is entitled to one free credit report from each of the three credit bureaus once a year.
Data Breaches May Lead to Phishing and Data Theft
Even if your Social Security number or money was spared during a data breach, it doesn’t mean you’re safe. Hackers use information from previous data breaches to send phishing emails and break into online accounts.
Personal data stolen during data breaches is sold on the dark web. Hackers use it to compile profiles about thousands of potential victims. The personal information is used to craft phishing emails that seem familiar to the recipient. That way they’re more likely to click on a link in an email or download an attachment. This can lead to your computer being instantly infected with malware, or to money being stolen from your bank account because the hacker has your password.
All active-duty personnel – US Army, US Navy, US Air Force, US Marine Corps, US Coast Guard, and National Guard – can get free credit monitoring.