VA software glitch exposed veterans’ personal information

eye-opener-logo6

A software glitch last week with an online Veterans Affairs benefits portal exposed private information from military veterans to virtually anyone who could log onto the system, according to VA officials.

The problem arose on a joint VA and Defense Department site that allows veterans and their dependents to access medical and educational benefits, disability claims, bank information and military personnel records, among other sensitive data.

Initial estimates indicate more than 5,300 users may have been affected by the glitch, according to a VA official with knowledge of the situation.

(REUTERS/Kacper Pempel)
(REUTERS/Kacper Pempel)

The VA shut down the eBenefits system on Wednesday and brought it back online on Sunday. The agency said in a statement on Tuesday that it “conducted a full review of the software issue and reinforced its security posture, after determining that the defect had been remedied and the portal was functioning properly.”

“We offer our sincere apologies to any service member, veteran or family member impacted by the software defect and the downtime,” the VA said.

An internal VA memo says about 20 veterans contacted the agency on Jan. 15 to report that they could see the accounts of other users when they logged onto the site.

The problems were first reported in a Jan. 17 article from the online news site FedScoopA follow-up article on Monday quoted a veteran saying he accidentally changed the information of another user before noticing the glitch, suggesting veterans were able to alter accounts other than their own by simply logging into the system.

The VA said it is reviewing the mishap and will determine an exact number of users impacted by the glitch. The agency also said it will provide free credit monitoring for any affected individuals.

The eBenefits system is used by about 3.4 million users, according to the VA.

The House Veterans Affairs Committee have been investigating the VA’s IT security practices since last year. Its members have been questioning the agency since at least June, when the panel learned that its computer network had been compromised by multiple individuals since March 2010.

In a June letter to VA Secretary Eric Shinseki, Reps. Jeff Miller (R-Fla.) and Michael Michaud (D-Maine), who head the committee, wrote: “It is known for certain that some of the areas in the system that were compromised included unencrypted personally identifiable information regarding veterans and their dependents.”

Since then, members of the panel have sent dozens of questions to Shinseki about the VA’s IT security practices.  Some lawmakers have grown frustrated with the agency’s response times. Miller has sent weekly letters to the secretary listing the outstanding information requests.

Follow Josh Hicks on TwitterFacebook or Google+. Connect by e-mail at  josh.hicks@washpost.comVisit The Federal Eye, The Fed Page and Post Politics for more federal news. E-mail federalworker@washpost.com with news tips and other suggestion.

Josh Hicks covers the federal government and anchors the Federal Eye blog. He reported for newspapers in the Detroit and Seattle suburbs before joining the Post as a contributor to Glenn Kessler’s Fact Checker blog in 2011.
Comments
Show Comments
Most Read Politics
Next Story
Josh Hicks · January 21