Another Troubling ‘Defect’ and Data Breach of eBenefits Peggy Dalton, US Army, Retired Chief Researcher and Analyst VeteranWarriors | Jan 23, 2014 Last Wednesday evening, January 15, 2014 there a compromise of personal, financial and medical information on the VA’s eBenefits website. Veterans logging onto eBenefits portal, were confronted with other veterans’ sensitive information. A Navy veteran on North Carolina tried several times to log into his personal account, and each attempt he viewed a different veteran’s information. A Marine veteran in Florida reports a very similar experience, he happens to be in Congressman Jeff Miller’s district. He called the local office to report the problems with eBenefits. Veterans tried using the toll-free number to alert the VA, but the calls were not answered. On eBenefits website, veterans seeking assistance and support are directed to VA’s Inquiry Routing & Information System (IRIS). A “trouble ticket” is initiated by completing a form. The VA has provided no information as to how it was alerted to data glitches on eBenefits. It is unclear if anyone was monitoring IRIS Help Desk on Wednesday night, Jan 15. The VA, through its official channels, does not subscribe to the same timeline as veterans that have spoken with news agencies. The VA statement indicates the webpage was immediately shutdown once the VA identified problems with eBenefits. But it is unclear when that “time” was exactly. The VA does acknowledge on Wednesday before the breach, there was a software upgrade installed to the eBenefits webpage. This update was part of linking DoD components with eBenefits. The VA is referring to this as a ‘defect’ and not a security incident. On Tuesday, January 21, the VA released a statement regarding the investigation and review by the Data Breach Core Team (DBCT), informing the public of the completion of the audit. An unnamed VA official said up to 5,351 people may have been impacted. The final number of affected veterans is unknown at this time. Presently the VA has done nothing to notified veterans of the ‘defect’ problem resulting in an information breach. There is no information posted on va.gov, nothing on va.gov/opa/pressrel/, nothing on https://ebenefits.va.gov/ebenefits-portal/ebenefits.portal, and nothing on About VA, Data Breaches va.gov/about_va/va_notices.asp. Back in May 2013, Pittsburgh Tribune-Review Investigative Reporter Carl Prine revealed a very significant track record of privacy and security violations and breaches. Between 2010 and May 2013, all departments within the VA (including employees and contractors) had 14,215 information breaches of personal information and security rules. In testimony before Oversight & Investigations subcommittee of the House Committee of Veterans Affairs, Acting Assistant Secretary OI&T and Chief Information Officer Stephen Warren stated he was not aware of any security breaches last June, initially. (https://youtube/watch?v=cdSzdEQfSQc) The VA’s Chief Information Security Officer (CISO) is Deputy Assistant Secretary for Information Security Stanley F. Lowe. The CISO has major responsibility all issues involving information security. Mr. Lowe was promoted after the departure of Jerry Davis. Mr. Davis left the VA under controversy regarding security certificates of VA IT systems in mid-year 2013. In testimony before Oversight & Investigations subcommittee of the House Committee of Veterans Affairs, Acting Assistant Secretary OI&T and Chief Information Officer Stephen Warren stated he was not aware of any security breaches last June. (https://youtube/watch?v=cdSzdEQfSQc) If anyone is expecting an honest and forthright accounting of the ‘defect’ incident, it is doubtful that will happen. The legacy of the Office of Information and Technology is one of deceit, deception, and total thumbing of any accountability. Prudent Action to Protect and Verify Your Information on eBenefits • Change your password immediately. • Use a mixture of upper and lower case letters, numbers and symbols. • Do not use easy to guess words or patterns on the keyboards. • Schedule to change your password in 60 days. • Verify your personal information. • Banking information was breached. Verify routing numbers and account numbers. • Personal information was breached. Verify names, addresses, etc. • Medical information was breached. Review documents with eBenefits. • CHECK YOUR DATA, AGAIN. • Be a good battle buddy and pass along this information.
Posted on: Thu, 23 Jan 2014 20:18:42 +0000
Trending Topics
Recently Viewed Topics
© 2015