The Washington Post

Software glitch exposed thousands of veterans’ private information

A software glitch with a Department of Veterans Affairs benefits portal allowed users to access one another’s private information, alarming some veterans groups and lawmakers, who see the incident as the latest manifestation of an ongoing security problem.

The issue arose last week on a joint VA-Defense Department site that allows veterans and their dependents to access medical and educational benefits, disability claims, bank information and military personnel records, among other sensitive data.

More than 5,300 users may have been affected by the glitch, according to initial VA estimates.

VA shut down the eBenefits system on Jan. 15 and brought it back online Sunday. The agency said in a statement Tuesday that it “conducted a full review of the software issue and reinforced its security posture, after determining that the defect had been remedied and the portal was functioning properly.”

“We offer our sincere apologies to any service member, veteran or family member impacted by the software defect and the downtime,” VA said.

An internal VA memo says about 20 veterans contacted the agency on Jan. 15 to report that they could see the accounts of other users when they logged on.

The defect has raised concerns among lawmakers and veterans organizations. Some of the groups say their members are growing weary of such mistakes.

“We’ve seen VA expose sensitive information about veterans before,” the American Legion’s national commander, Daniel M. Dellinger, said in a statement Wednesday. “Now it has happened with the relatively new eBenefits website. How can VA expect our veterans to file for benefits online when they may be risking identity theft by doing so?”

In a statement Wednesday, Rep. Jeff Miller (R-Fla.), chairman of the House Veterans Affairs Committee, criticized VA for a “string of alarming IT security setbacks” and called on the department to offer credit-monitoring services to every veteran and dependent in its database. He also said that VA Secretary Eric K. Shinseki must hold the agency’s leadership accountable for the “ongoing failures and unreasonable risks in IT security.”

VA said it is reviewing the mishap and will determine an exact number of users affected by the glitch. The agency also said it will provide free credit monitoring for any affected individuals.

The eBenefits system has about 3.4 million users, according to VA.

The House committee has been investigating VA’s IT security practices since last year. The panel learned during a June hearing that the agency’s computer network had been compromised by multiple individuals since March 2010, prompting a series of inquiries from lawmakers.

Miller and the committee’s ranking Democrat, Rep. Michael H. Michaud (Maine), wrote Shinseki in June requesting information about earlier problems.

“It is known for certain that some of the areas in the system that were compromised included unencrypted personally identifiable information regarding veterans and their dependents,” the letter said.

Since June, lawmakers have sent dozens of questions to Shinseki about VA’s information security practices, and some have grown frustrated with the agency’s response times. Miller has issued weekly letters to the secretary listing the outstanding information requests.

VA said in a statement Wednesday that it “respects Congress’ important oversight role and is committed to providing timely and accurate information.” The agency added that it has dealt with more than 85,000 congressional requests during the past four years.

The problems with the eBenefits site were first revealed on the online news site FedScoop.

On Monday, the site quoted a veteran as saying he accidentally changed the information of another user before noticing the glitch, suggesting veterans were able to alter accounts other than their own.

Josh Hicks covers Maryland politics and government. He previously anchored the Post’s Federal Eye blog, focusing on federal accountability and workforce issues.
