The Washington Post

VA software glitch exposed veterans’ personal information


A software glitch last week with an online Veterans Affairs benefits portal exposed private information from military veterans to virtually anyone who could log onto the system, according to VA officials.

The problem arose on a joint VA and Defense Department site that allows veterans and their dependents to access medical and educational benefits, disability claims, bank information and military personnel records, among other sensitive data.

Initial estimates indicate more than 5,300 users may have been affected by the glitch, according to a VA official with knowledge of the situation.

(REUTERS/Kacper Pempel) (REUTERS/Kacper Pempel)

The VA shut down the eBenefits system on Wednesday and brought it back online on Sunday. The agency said in a statement on Tuesday that it “conducted a full review of the software issue and reinforced its security posture, after determining that the defect had been remedied and the portal was functioning properly.”

“We offer our sincere apologies to any service member, veteran or family member impacted by the software defect and the downtime,” the VA said.

An internal VA memo says about 20 veterans contacted the agency on Jan. 15 to report that they could see the accounts of other users when they logged onto the site.

The problems were first reported in a Jan. 17 article from the online news site FedScoopA follow-up article on Monday quoted a veteran saying he accidentally changed the information of another user before noticing the glitch, suggesting veterans were able to alter accounts other than their own by simply logging into the system.

The VA said it is reviewing the mishap and will determine an exact number of users impacted by the glitch. The agency also said it will provide free credit monitoring for any affected individuals.

The eBenefits system is used by about 3.4 million users, according to the VA.

The House Veterans Affairs Committee have been investigating the VA’s IT security practices since last year. Its members have been questioning the agency since at least June, when the panel learned that its computer network had been compromised by multiple individuals since March 2010.

In a June letter to VA Secretary Eric Shinseki, Reps. Jeff Miller (R-Fla.) and Michael Michaud (D-Maine), who head the committee, wrote: “It is known for certain that some of the areas in the system that were compromised included unencrypted personally identifiable information regarding veterans and their dependents.”

Since then, members of the panel have sent dozens of questions to Shinseki about the VA’s IT security practices.  Some lawmakers have grown frustrated with the agency’s response times. Miller has sent weekly letters to the secretary listing the outstanding information requests.

Follow Josh Hicks on TwitterFacebook or Google+. Connect by e-mail at  josh.hicks@washpost.comVisit The Federal Eye, The Fed Page and Post Politics for more federal news. E-mail with news tips and other suggestion.

Josh Hicks covers Maryland politics and government. He previously anchored the Post’s Federal Eye blog, focusing on federal accountability and workforce issues.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Next Story
Josh Hicks · January 21, 2014

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.