About 46,000 veterans had their personal information exposed after hackers breached Veterans Affairs computer systems used to send payments to outside medical providers, department officials announced Monday.
VA leaders said they have already notified the affected individuals, and that veterans who did not receive an alert need not be worried about their accounts. They described the incident as limited in scope but potentially concerning for the veterans involved.
The department’s Office of Finance has shut down access to the payments system amid a comprehensive security review of the problem.
Department officials have seen dramatic increases in recent months in video appointments, remote health care use.
In a statement, officials said that a preliminary review indicated that “unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols.”
Department officials did not specify what information may have been stolen or over how long the system exploit took place. They did say that VA will offer free access to credit monitoring services to any individuals whose social security numbers may have been compromised.
At least some of the cases may have involved veterans who are deceased. Officials said in those cases, next of kin would be notified of the problem.
The incident is not the first time in recent years that veterans had their personal information exposed by federal technology problems.
A second intrusion compromised an OPM database housing highly sensitive data from background investigations.
In 2015, Social Security numbers, family information, health records and even fingerprints of more than 21.5 million federal employees — including troops and veterans — were included in a massive data theft at the Office of Personnel Management. In 2012, more than 2,000 veterans had their personal information accidentally posted online when the Department of Veterans Affairs shared information with a privately-run genealogy site.
And in 2006, more than 26 million veterans and military personnel had their information exposed when a VA employee’s laptop was stolen from his home in Maryland. That incident prompted congressional hearings and investigations into the department’s data security procedures.
Individuals with questions from the latest data breach should reach out to VA’s Financial Services Center.