DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update: eBenefits breach caused by software update

Posted on January 29, 2014 by Dissent

The Department of Veterans Affairs has issued an update to the recent eBenefits portal breach, previously reported here, here, and here. Their statement:

As you may be aware, the eBenefits web portal was shut down for a period of time earlier this month, and a limited number of Veterans had some of their private information exposed to other Veterans or Servicemembers that were logged into the site.  I want to take the opportunity to explain what happened and what we are doing going forward.  I also want to apologize to any Servicemember, Veteran, or family member impacted by this interruption in service and inadvertent exposure of data.  You deserve better, we regret that this error occurred, and we are committed to serving you.

On the evening of Wednesday January 15, 2014, we updated a system that provides information to eBenefits.  While we were in the process of validating that the update was working, some Veterans notified VA that they were able to see other Veterans’ information when they were using eBenefits.  We took immediate action to examine these reports and discovered a problem had occurred.  As soon as the problem was confirmed, we stopped the update immediately and conducted a review to determine what went wrong.  We also took the opportunity to conduct a top-to-bottom review of the eBenefits system. eBenefits was brought back online after we were certain that the issue was resolved and that private Veteran information in eBenefits was protected.  The eBenefits portal is now available to use.

It’s important to know that this was not a malicious act of hacking to steal Veterans’ identities, but rather a problem introduced by a software update.  Regardless, we take any kind of data exposure seriously and will work to make sure this does not happen again.

In total, our initial analysis indicates that approximately 1,360 Veterans or Servicemembers may have had their information inadvertently exposed to other Veterans or Servicemembers.  Their information was potentially seen by as many as 5,351 fellow Veterans and Servicemembers who were logged into eBenefits during the time the software defect was in effect.  We sincerely hope that those who were able to view another user’s data protect their fellow Veterans’ or Servicemembers’ personal information as they would their own. If you saw another individual’s information, please do not share it.

VA’s independent Data Breach Core Team is continuing its review of this incident. When their review is complete, VA will reach out to each individual user whose information may have been improperly exposed about what steps should be taken and, as is standard VA practice, to offer free credit monitoring.

We greatly appreciate the Veterans and other eBenefits users who called our VBA call centers and brought this incident to our attention. VA cares deeply for every Veteran we are privileged to serve and that includes the protection of personal information.  We support the Veteran community, and we are all working together towards a common goal – to improve the lives of Veterans and their families. We encourage our Veterans to continue using the eBenefits portal as central location for Veterans, Servicemembers, and their families to research, find, and access their benefits and personal information.

Category: Health Data

Post navigation

← Update: eBenefits breach caused by software update
Target Hackers Used Stolen Vendor Credentials →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.