The U.S. Department of Veterans Affairs (VA) Office of Management announced that a data breach involving the personal information of approximately 46,000 Veterans and actions taken by the department to prevent and mitigate any potential harm to those individuals.
The Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the¬ medical treatment of Veterans. The FSC took the application offline and reported the breach to VA’s Privacy Office. A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols. To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology.
To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information. The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised.
Veterans whose information was involved are advised to follow the instructions in the letter to protect their data. There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident.
Veterans or Veteran next-of-kin that receive notification their information is potentially at risk from this incident can direct specific questions to the FSC Customer Help Desk to VAFSCVeteransSupport@va.gov or writing to VA FSC Help Desk, Attn: Customer Engagement Center, .P.O. Box 149971, Austin, TX 78714-9971.