VA's eBenefits suffers data breach

VA's eBenefits suffers data breach

On Jan. 15, while a performance improvement update was being conducted on the Department of Veterans Affairs Ebenefits website, it was found that veterans’ accounts were overlapped; a veteran who was logged onto the system could log off, then log back on and accidentally be routed to a different veterans account. Due to the nature of the glitch, the decision was made to roll back to the previous version, which was completed on Jan. 16. Due to the sensitive nature of this error, the Ebenefits website was taken down for maintenance so that all the necessary steps could be taken to ensure the glitch had been corrected. Initially VA anticipated the glitch affected 5,351 veterans, though ultimately the number is anticipated to be much lower. Once the exact number is found, those veterans will be contacted, and as a precaution VA will provide credit monitoring service to the veteran free of charge.

VA has issued the following statement regarding the data breach.

The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information. Wednesday evening, during a process to improve software supporting the joint VA and Department of Defense benefits web portal  e-Benefits, VA discovered a software defect. During that limited timeframe, some Veterans and Service members who had registered and logged into e-Benefits were able to see a combination of their own information as well as data from other e-Benefits users. VA took immediate action upon discovering the software defect and shut the e-Benefits system down in order to limit any problems.

VA brought eBenefits back online Sunday, after a period of down time. VA conducted a full review of the software issue and reinforced its security posture, after determining that the defect had been remedied and the portal was functioning properly.  All eBenefits functionality is now available to use.  We offer our sincere apologies to any Servicemember, Veteran or family member impacted by the software defect and the downtime.

VA’s independent Data Breach Core Team (DBCT) is reviewing this issue and believes a relatively limited number of Veterans have been affected. Once the DBCT determines the number of users impacted, their identities and other pertinent facts, VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA’s standard practice.”