Sunday, January 19, 2014

VA e-benefits web site possible privacy breach

https://www.ebenefits.va.gov/SiteDown/siteDown.html
NORTH CAROLINA (CNN) - A North Carolina veteran said when he went to the VA benefits site, he was able to see other veterans' information.

Navy veteran Sylvester Woodland said at first he didn't understand, then couldn't believe what he was seeing.

"I was hoping it was just a glitch, but the more I thought about it, I said, wait a minute, this is more than a glitch, this is a breach," said Woodland.

Woodland was on the Veterans Affairs e-benefits website trying to track down his own history for a bank loan, but the site kept displaying other veterans' information, both medical and financial.

Woodland said he called the DOD, the VA, and even Senator Hagan's office, but didn't get any response until the website went down and an email came in from the DOD asking him to scan the few pages he printed out and email over.

Woodland, who works with internet privacy issues, said that could pose another breach. He said a better place to find answers would be his computer.

"I don't want them to take my system, but more than that, I don't want these veteran's private information to continue to bounce around out there in no man's land," said Woodland.

Woodland wonders if the breach was internal or intentional, and worries that not enough is being done to find out.

Department of Veteran's Affair's Genevieve Billia announced the following statement:

"The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information. Wednesday evening, during a process to improve software supporting the joint VA and Department of Defense benefits web portal eBenefits, VA discovered a software defect. During that limited timeframe, some Veterans and Servicemembers who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users. VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems. VA is conducting a full review to be certain the underlying technological issues have been resolved before the system is returned to operation.

VA's independent Data Breach Core Team (DBCT) is reviewing this issue and believes a relatively limited number of Veterans have been affected. Once the DBCT determines the number of users impacted, their identities and other pertinent facts, VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA's standard practice."
###

The VA issued a statement:

The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information.  Wednesday evening, during a process to improve software supporting the joint VA and Department of Defense benefits web portal eBenefits, VA discovered a software defect. During that limited timeframe, some Veterans and Servicemembers who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users.  VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems.  VA is conducting a full review to be certain the underlying technological issues have been resolved before the system is returned to operation.
VA's independent Data Breach Core Team (DBCT) is reviewing this issue and believes a relatively limited number of Veterans have been affected. Once the DBCT determines the number of users impacted, their identities and other pertinent facts, VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA's standard practice.

No comments:

Post a Comment