U.S. Veterans’ Personal Information Exposed in VA Data Breach | #Databreach | Pentest | #Hacker


A cybersecurity Breach in the U.S. Department of Veterans Affairs impacted the personal records of 46,000 veterans. Hackers used social engineering techniques to gain access to the payment application and leak personal data like social security numbers.

A data breach in the U.S. Department of Veterans Affairs exposed the personal data of approximately 46,000 veterans, the agency said in a statement. Unauthorized users gained access to an online payment application managed by the Financial Services Center (FSC) of the agency and diverted payments to community health care providers which was originally allocated for the­ medical treatment of veterans.

 Sam Curry, Chief Security Officer at Cybereason told Verdict UK, “Is there no longer honour among thieves? Their behaviour in this time of crisis is despicable and disgusting.”

According to the press statement, data was accessed through “social engineering techniques and by exploiting authentication protocols”. The FSC has notified the VA’s Privacy Office about the breach. “To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology,” the agency said in a statement.

While the security review is under process, the FSC has started alerting veterans and the immediate family members of those who are deceased. They have sent letters to those affected. “Veterans whose information was involved are advised to follow the instructions in the letter to protect their data. There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident.”

FSC will also provide free credit monitoring services to those whose social security numbers were compromised.

See Also: Microsoft Warns of Cyberattacks From Russia, China & Iran Ahead of U.S. Election

Compared to the first breach at the VA, this one is considerably on a lower scale. Tim Wade, Technical Director of the CTO Team at Vectra AI told SiliconANGLE, “Given that the loss of records safeguarded by the federal government has been in batches of hundreds of thousands, or even millions in recent memory, it is probably a relief to someone somewhere that this breach accounts for less than 50,000.” For comparison, the smallest of the top 10 data breaches in U.S. government organizations between 2014 to 2019 affected over 2.4 million records, while the largest single breach compromised more than 60 million U.S. Postal Service records in 2018.

The first VA breach, according to ZDNet occurred in 2006 where an astounding 26 million records were exposed. It should be noted that the 2006 breach was a result of stolen hardware while the second (and the latest) is speculated to have been caused directly over the web.

Let us know if you liked this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!





Click here for the original Source.

_________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

.  .  .  .  .  .  . .  .  .  .  .  .  .  .  .  .   .   .   .    .    .   .   .   .   .   .  .   .   .   .  .  .   .  .

Leave a Reply