September 15, 2020

“Disgusting”: US Department of Veteran Affairs suffers data breach

By Ellen Daniel

The US Department of Veteran Affairs has suffered a data breach, with the personal information of 46,000 veterans affected.

The Department of Veteran Affairs disclosed the breach yesterday, saying in a statement that “unauthorised users” had been able to access an online application managed by the VA Financial Services Center (FSC).

Currently, the department believes that unauthorised actors were able to change financial information in order to divert payments from Veteran Affairs to community health care providers for the­ medical treatment of veteran “using social engineering techniques and exploiting authentication protocols”.

It said that the FSC took the application offline, and will not put it back online until a comprehensive security review has taken place, and reported the breach to the Vetran Affairs Privacy Office.

The FSC is now alerting affected individuals of the Department of Veteran Affairs data breach, and will offer access to credit monitoring services to those whose social security numbers may have been included in the breach.

According to ZDNet, the Department of Veteran Affairs suffered a security breach in 2006, after a laptop and a harddrive containing the records of 26m veterans was stolen from an employee’s home.

Sam Curry, chief security officer at Cybereason described the hack as “disgusting”.

“Is there no longer honour among thieves? Their behaviour in this time of crisis is despicable and disgusting,” he said.

“Today, new security threats are surfacing on a regular basis and cyber crime groups are not only well funded but they are patient and persistent. If they have their sights set on one particular company or organisations, nothing will stop them from being successful. The defenders or good guys have to be right 100 percent of the time and that is a monumental task given the expanding digital footprint. From initial reports it looks like the VA is conducting a thorough investigation into this latest breach and that’s great news.

“For the VA, and all organisations, it is essential to implement around the clock threat hunting services and to take the fight to the cybercriminals. This approach will enable security teams to see attacks as they are happening allowing them to stop them. In addition, all organisations should regularly conduct security awareness training to help employees do their part to reduce risk. At a basic level, never open email attachments from unknown sources on any device, don’t visit dubious websites and never download content onto your device from sketchy sources.”


Read more: Security researchers uncover Bluetooth vulnerability.


 

Verdict deals analysis methodology

This analysis considers only announced and completed cloud-deals deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,