The Department of Veterans Affairs (VA) announced Monday that the personal information of around 46,000 veterans was accessed in a recent data breach.
The news came after the agency’s Financial Services Center discovered that an unauthorized user had accessed an application used to help veterans pay for medical care and diverted funds meant for community health providers.
The individuals behind the breach used social engineering tactics to access accounts, according to the VA, along with exploiting authentication protocols. The VA noted that access to the breached system has been disabled until the agency’s Office of Information Technology is able to conduct a review.
The agency has begun sending letters to veterans impacted by the breach as well as next-of-kin notifications for those who are no longer alive and is offering free credit monitoring to those whose Social Security numbers were compromised.
The VA did not provide details on who was behind the hack or how many Social Security numbers were potentially compromised.
The VA was hit by a massive breach in 2006 when a computer disk was stolen that contained the names, Social Security numbers and birth dates of around 26.5 million veterans, including several lawmakers.
More recently, the VA’s Office of Inspector General published a report last year that found the VA’s Milwaukee regional office had “mishandled” veterans' personal data, leaving it exposed to around 25,000 remote network users for months.
Veterans have often been a target for malicious actors online, including by Russian disinformation campaigns during both the 2016 and ongoing 2020 elections.