Recently a software glitch with a joint VA and Defense Department site exposed the private information of veterans to virtually anyone who could log onto the system. The site allows veterans and their dependents to access such sensitive data as military personnel records, medical and educational benefits, disability claims and bank information.
Thankfully the VA is reporting that only about 5,300 users were affected, but that is still about 5,300 too many. This is on the heels of another incident dating back to at least June when the House Veterans Affairs Committee launched an investigation of the VA’s IT security practices. That was because the panel learned that the VA’s computer network had been repeatedly compromised since March 2010. (See my previous blog post on the VA’s attempts to protect veterans’ personal information.)
An internal VA memo said that about 20 veterans contacted the agency to report that they could see the accounts of other users while logged on. A news outlet reported that one veteran accidentally changed the information of another user before noticing the problem. This obviously suggested that others likewise would have been able to alter accounts.
After learning of the software glitch, the VA had shut down the eBenefits system for five days. It conducted a full review of the software and determined that the defect had been remedied and the portal was functioning properly. Once the exact number of impacted users is determined, the VA said it would provide them with free credit monitoring.
This latest incident amidst an ongoing investigation is yet another black eye for the VA. Please be vigilant of your personal information and accounts and immediately report any suspicious activity.