The personal information of approximately 46,000 US veterans was compromised after unauthorized individuals gained access to a Financial Service Center application, the US Department of Veterans Affairs (VA) disclosed on Monday.
According to a press release, the unauthorized users who gained access to the application managed to change financial information and divert multiple VA payments intended for medical treatments of US veterans.
“A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols,” the agency said.
VA’s financial department said that the compromised application was taken offline until it passes a complete security review.
“To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology,” the VA added.
Although the agency took immediate action to mitigate the breach, individuals whose Social Security Numbers may have been compromised are now vulnerable to identity-theft related crimes.
The VA said it would provide free credit monitoring services to affected individuals and will advise additional instructions on how to safeguard personal information.
“To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information,” the statement reads. “The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised.”
The department encourages individuals notified of the data breach to contact the FSC for additional information. “There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident,” the VA added.