The Department of Veterans Affairs said that the personal data of approximately 46,000 veterans was potentially left at risk in a data breach involving one of its systems.
The VA’s Office of Management made the announcement and said that the agency’s Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the medical treatment of Veterans. The application has been taken offline and the breach was reported to the VA’s Privacy Office.
“A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols. To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology,” the VA said in its press release on the incident.
The VA did not elaborate further as to whether or not any payments were successfully diverted.
According to Norton.com, “Social engineering is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions.”
Impacted individuals are being alerted by the FSC, or next of kin in the event it involves personal data of a deceased individual. The agency is also providing free credit monitoring services to those impacted. The VA also added that any veterans who do not receive a letter from the agency do not need to take any action as their personal information was not affected.
The only mention of what type of personal data were involved in the breach was Social Security numbers when the agency said that the free credit monitoring services were being offered to “those [individuals] whose social security numbers may have been compromised.”
Veterans or Veteran next-of-kin that receive notification their information is potentially at risk from this incident can direct specific questions to the FSC Customer Help Desk to VAFSCVeteransSupport@va.gov or writing to VA FSC Help Desk, Attn: Customer Engagement Center, P.O. Box 149971, Austin, TX 78714-9971.