Cyber Breach Affecting Veterans

Big Sarge · 01-25-2014, 05:16 PM

Any of you receiving benefits or who have applied for benefits need to check to see if your information was compromised. This is the message I received from the Wounded Warrior Program.

On Friday, 17 January 2014, there was a breach of the eBenefits website that is run by the Department of Defense (DOD) and Department of Veterans Affairs (VA). The VA is conducting an independent investigation. To learn whether your eBenefits information may have been compromised, you can call the VA directly at 1.800.827.1000. And, as always, you can reach out to your Benefits Service team at WWP.

Molasar · 01-25-2014, 06:27 PM

there's a lot of it about, and not in the 'usual suspect' countries or companies either, mostly in sensible places like major physical and online retailers, didn't Microsoft get hacked twice in a week not long ago?

if even tech-aware outfits can get hacked then a Govt department is childs play, the kind of hack you knock out in your lunch break with a sandwich in one hand.

xoxoxoBruce · 01-25-2014, 06:39 PM

Quote:

An internal VA memo from the Corporate Data Center Operations in Austin, Texas, obtained by FedScoop, said the incident occurred Jan. 15 at 10 p.m. ET when 20 veterans called the VA help desk complaining the eBenefits system had presented them with information belonging to other veterans.

“Veteran A was able to access any of the information available in eBenefits for Veteran B, but it is unknown if Veteran A moved past the initial welcome page,” the memo states. “VA IT specialists are investigating whether or not logs can be pulled showing which pages were accessed. Approximately 10,000 users logged in to eBenefits on Jan. 15 so IT specialists are investigating in attempt to narrow the time frame of when the incident began and ended.”

CDCO is a unique public-private data center partnership known as a Franchise Fund Organization. Authorized by the Government Management Reform Act of 1994, CDCO manages more than 1,800 servers for a multitude of government agencies. It operates on a fee-for-service basis, rather than receiving direct federal funding. VA said in a statement Friday afternoon the incident stemmed from a “software defect” introduced “during a process to improve” the system.

Once the number of users affected by the problem is determined, VA “will take the appropriate response, which may include free credit monitoring for the affected individuals,” according to the statement.

Users could see other peoples data, but no mention of being able to change anything.
Fortunately it looks like this is the same as those credit card breaches, where private information is stolen, rather than benefits been messed with.

tw · 01-26-2014, 10:11 PM

Quote:

Originally Posted by xoxoxoBruce

Fortunately it looks like this is the same as those credit card breaches, where private information is stolen, rather than benefits been messed with.

Important and unanswered questions are 1) what was stolen, 2) how was it done, 3) by who, and 4) why.

mbpark · 01-30-2014, 07:02 PM

This looks like the DOD put yet another system in without testing it fully and let it loose on the public. If the government would follow their own rules, this should not be an issue. Since this is a DOD system, they need to follow the DOD Information Assurance Certification and Accreditation Program, or DIACAP for short. They did not, as part of DIACAP is a risk management process and vulnerability assessment.

In other words, nothing new. Film at 11.

Sent from my iPad using Tapatalk

01-25-2014, 05:16 PM	#1
Big Sarge Werepandas - lurking in your shadows Join Date: Jun 2008 Location: In the Deep South Posts: 3,408	Cyber Breach Affecting Veterans Any of you receiving benefits or who have applied for benefits need to check to see if your information was compromised. This is the message I received from the Wounded Warrior Program. On Friday, 17 January 2014, there was a breach of the eBenefits website that is run by the Department of Defense (DOD) and Department of Veterans Affairs (VA). The VA is conducting an independent investigation. To learn whether your eBenefits information may have been compromised, you can call the VA directly at 1.800.827.1000. And, as always, you can reach out to your Benefits Service team at WWP. __________________ Give a man a match, & he'll be warm for 20 seconds. But toss that man a white phosphorus grenade and he'll be warm for the rest of his life.

01-25-2014, 06:27 PM	#2
Molasar Part-time superhero (off shift right now, leave a message) Join Date: Dec 2013 Location: Her Majesty's United Kingdom of Great Britain and Northern Ireland Posts: 211	there's a lot of it about, and not in the 'usual suspect' countries or companies either, mostly in sensible places like major physical and online retailers, didn't Microsoft get hacked twice in a week not long ago? if even tech-aware outfits can get hacked then a Govt department is childs play, the kind of hack you knock out in your lunch break with a sandwich in one hand. __________________ The only dumb question is the one you didn't ask.

01-30-2014, 07:02 PM	#5
mbpark Lecturer Join Date: Jan 2001 Location: Carmel, Indiana Posts: 761	This looks like the DOD put yet another system in without testing it fully and let it loose on the public. If the government would follow their own rules, this should not be an issue. Since this is a DOD system, they need to follow the DOD Information Assurance Certification and Accreditation Program, or DIACAP for short. They did not, as part of DIACAP is a risk management process and vulnerability assessment. In other words, nothing new. Film at 11. Sent from my iPad using Tapatalk

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)