DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update: eBenefits breach caused by software update

Posted on January 29, 2014 by Dissent

The Department of Veterans Affairs has issued an update to the recent eBenefits portal breach, previously reported here, here, and here. Their statement:

As you may be aware, the eBenefits web portal was shut down for a period of time earlier this month, and a limited number of Veterans had some of their private information exposed to other Veterans or Servicemembers that were logged into the site.  I want to take the opportunity to explain what happened and what we are doing going forward.  I also want to apologize to any Servicemember, Veteran, or family member impacted by this interruption in service and inadvertent exposure of data.  You deserve better, we regret that this error occurred, and we are committed to serving you.

On the evening of Wednesday January 15, 2014, we updated a system that provides information to eBenefits.  While we were in the process of validating that the update was working, some Veterans notified VA that they were able to see other Veterans’ information when they were using eBenefits.  We took immediate action to examine these reports and discovered a problem had occurred.  As soon as the problem was confirmed, we stopped the update immediately and conducted a review to determine what went wrong.  We also took the opportunity to conduct a top-to-bottom review of the eBenefits system. eBenefits was brought back online after we were certain that the issue was resolved and that private Veteran information in eBenefits was protected.  The eBenefits portal is now available to use.

It’s important to know that this was not a malicious act of hacking to steal Veterans’ identities, but rather a problem introduced by a software update.  Regardless, we take any kind of data exposure seriously and will work to make sure this does not happen again.

In total, our initial analysis indicates that approximately 1,360 Veterans or Servicemembers may have had their information inadvertently exposed to other Veterans or Servicemembers.  Their information was potentially seen by as many as 5,351 fellow Veterans and Servicemembers who were logged into eBenefits during the time the software defect was in effect.  We sincerely hope that those who were able to view another user’s data protect their fellow Veterans’ or Servicemembers’ personal information as they would their own. If you saw another individual’s information, please do not share it.

VA’s independent Data Breach Core Team is continuing its review of this incident. When their review is complete, VA will reach out to each individual user whose information may have been improperly exposed about what steps should be taken and, as is standard VA practice, to offer free credit monitoring.

We greatly appreciate the Veterans and other eBenefits users who called our VBA call centers and brought this incident to our attention. VA cares deeply for every Veteran we are privileged to serve and that includes the protection of personal information.  We support the Veteran community, and we are all working together towards a common goal – to improve the lives of Veterans and their families. We encourage our Veterans to continue using the eBenefits portal as central location for Veterans, Servicemembers, and their families to research, find, and access their benefits and personal information.

Category: ExposureGovernment SectorU.S.

Post navigation

← Big Tree Solutions data breach affected those who ordered online from restaurants (update 1)
Update: eBenefits breach caused by software update →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.