The Department of Veterans Affairs (VA) announced today that an unauthorized actor entered its Financial Services Center database and accessed the personal information of 46,000 veterans.
The data breach occurred as malicious actors attempted to divert payments to community healthcare providers for veterans’ medical treatment. According to a VA press release, the Financial Services Center took the application offline and reported the incident to the agency’s privacy office. The systems will not be reenabled until the agency completes a comprehensive security review of the program.
“A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols,” VA wrote about the incident.
The Financial Services Center is alerting affected individuals and offering credit monitoring services to those whose social security numbers may have been compromised, per VA. Veterans who did not receive an alert by mail are assured that their personal information was not involved in the incident.
Last month, the Financial Services Center issued a request for information seeking an in-depth cybersecurity audit to analyze its compliance with Federal statutes, how the agency is adapting processes to support compliance, and cybersecurity sustainment across VA.