The Department of Veterans Affairs announced Monday that roughly 46,000 veterans had their personal information, such as social security numbers, exposed in a data breach.
“The Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the medical treatment of veterans,” reads a VA statement on the incident.
Citing an ongoing investigation into the hack, the VA declined to comment for this story.
The application has since been taken offline, though a preliminary review by the VA indicates that “unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols,” reads the statement.
“To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology,” notes the release.
As Military Times’ Leo Shane reported, this is not the first time that tech issues within the federal government have resulted in the exposure of veterans’ personal information.
In 2015, health records, social security numbers, family information, and fingerprints of millions of federal employees, including veterans and service members, were stolen in a massive data breach at the Office of Personnel Management. And in 2012, more than 2,000 veterans had their information posted online when it was shared by the VA with a “privately run genealogy site,” Military Times reported.
The VA’s Financial Services Center has alerted those affected by the most recent incident of the potential risk to their personal information, and the VA is offering free credit-monitoring services to those who had social security numbers compromised.
“Veterans whose information was involved are advised to follow the instructions in the letter to protect their data,” the VA said in the statement. “There is no action needed from veterans if they did not receive an alert by mail, as their personal information was not involved in the incident.”
UPDATE: This article has been updated to reflect that the Department of Veterans Affairs declined to comment, citing an ongoing investigation into the data breach.