Google +LinkedInPinterestYouTubeInstagramTwitterFacebook

Foreign hackers steal VA data

Foreign hackers steal VA data

Computer hackers operating from foreign countries have been stealing information for the past three years from the Department of Veterans Affairs (VA) unencrypted database, which contains personal information on about 20 million American veterans.

The VA database includes the names of veterans and their dependents, Social Security numbers, dates of birth and protected health information.

John Stovall, director of The American Legion’s National Security/Foreign Relations Division, said the repeated cyber-theft of VA information "is shocking, given the fact that federal agencies and private-sector businesses have been under such attacks for several years. It is completely unacceptable that the VA would leave such a massive, sensitive database unencrypted and vulnerable."

At a June 4 hearing of the House Committee on Veterans’ Affairs, VA official Stephen Warren claimed that only one nation – which he did not identify – has penetrated VA’s computer network in the past year. That claim was contradicted by another panelist, Jerry Davis, VA’s former deputy assistant secretary for information security. He said he knew of at least eight foreign-sponsored organizations that have broken into VA’s network.

Stovall said "the most likely culprits are computer hackers in China and Russia, either working for the government or else organized crime. Any gang of cyber-thieves committing financial fraud would also have an obvious interest in stealing personal information. Because VA has failed to protect its network sufficiently, many of our nation’s veterans are at risk from identity theft, credit fraud and other crimes committed in cyberspace."

The American Legion passed two resolutions at its national convention last August that dealt with cyber-security. One called on Congress "to appropriate the necessary funding to combat the continuing cyberspace warfare threats to the United States in the 21st Century"; the other urged the federal government "to immediately take such action as may be appropriate and necessary to effectively fund and staff federal intelligence and security agencies at a level that will help protect the United States from foreign espionage, organized crime, terrorism, and subversive activities."

Auditors in VA’s Inspector General office have reported that, in addition to taking data, hackers also took control of domain controllers, which allowed them to have full access to VA’s network.

Warren said at the hearing that he was confident in the steps taken by VA to meet cyber-security challenges. One initiative, the Continuous Readiness Information Security Program, is expected to be fully implemented later this year. VA also has a plan in place that will address 32 cyber-security recommendations by its own Inspector General. Committee member Rep. Mike Coffman, R-Colo., asked VA to submit a report within 30 days on exactly how it plans to act on those recommendations.

 

 

More in National Security

 

dan2027

June 8, 2013 - 6:13am

Everything in the news talks about NSA gathering information to protect the nation, and the use of monitoring Google, Yahoo, etc. Why can't they use some of this technology to protect the veterans, and the VA records?

teacher36870

June 6, 2013 - 7:14pm

This scares me so much that others have our information. Is there anything the VA can/will do to help protect those whose personal information has been compromised by these people?

sjboyle

June 6, 2013 - 4:16pm

Foreign hackers have been stealing Veterans Affairs data on 20 million veterans for the past 3 years, including SSNs of family members. I strongly suggest putting a security freeze on your credit bureau accounts. Transunion Equifax Experian Consider it cheap insurance from financial disaster.

EnserNG

June 5, 2013 - 5:38pm

This is ridiculous! When are they planning to notify those whose information was accessed and what coverage will be put in place to help protect them? Sony at least provided a year of monitoring/protection services for those affected when they were hacked.

Add new comment

By submitting this form, you accept the Mollom privacy policy.

Tell us what you think