The Department of Veterans Affairs has issued an update to the recent eBenefits portal breach, previously reported here, here, and here. Their statement:
As you may be aware, the eBenefits web portal was shut down for a period of time earlier this month, and a limited number of Veterans had some of their private information exposed to other Veterans or Servicemembers that were logged into the site. I want to take the opportunity to explain what happened and what we are doing going forward. I also want to apologize to any Servicemember, Veteran, or family member impacted by this interruption in service and inadvertent exposure of data. You deserve better, we regret that this error occurred, and we are committed to serving you.
On the evening of Wednesday January 15, 2014, we updated a system that provides information to eBenefits. While we were in the process of validating that the update was working, some Veterans notified VA that they were able to see other Veterans’ information when they were using eBenefits. We took immediate action to examine these reports and discovered a problem had occurred. As soon as the problem was confirmed, we stopped the update immediately and conducted a review to determine what went wrong. We also took the opportunity to conduct a top-to-bottom review of the eBenefits system. eBenefits was brought back online after we were certain that the issue was resolved and that private Veteran information in eBenefits was protected. The eBenefits portal is now available to use.
It’s important to know that this was not a malicious act of hacking to steal Veterans’ identities, but rather a problem introduced by a software update. Regardless, we take any kind of data exposure seriously and will work to make sure this does not happen again.
In total, our initial analysis indicates that approximately 1,360 Veterans or Servicemembers may have had their information inadvertently exposed to other Veterans or Servicemembers. Their information was potentially seen by as many as 5,351 fellow Veterans and Servicemembers who were logged into eBenefits during the time the software defect was in effect. We sincerely hope that those who were able to view another user’s data protect their fellow Veterans’ or Servicemembers’ personal information as they would their own. If you saw another individual’s information, please do not share it.
VA’s independent Data Breach Core Team is continuing its review of this incident. When their review is complete, VA will reach out to each individual user whose information may have been improperly exposed about what steps should be taken and, as is standard VA practice, to offer free credit monitoring.
We greatly appreciate the Veterans and other eBenefits users who called our VBA call centers and brought this incident to our attention. VA cares deeply for every Veteran we are privileged to serve and that includes the protection of personal information. We support the Veteran community, and we are all working together towards a common goal – to improve the lives of Veterans and their families. We encourage our Veterans to continue using the eBenefits portal as central location for Veterans, Servicemembers, and their families to research, find, and access their benefits and personal information.