The U.S. Department of Veterans Affairs (VA) Office of Management disclosed a data breach incident that exposed the sensitive information of around 46,000 veterans. In an official release, the authorities stated that one of the Financial Services Center’s (FSC) application was accessed by unauthorized users through social engineering techniques to divert the payments to community care providers for the Veterans’ treatment.
The FSC took the application offline temporarily and reported the incident to the regulators for further investigation. “To prevent any future improper access to, and modification of information, system access will not be re-enabled until a comprehensive security review is completed by the VA Office of Information Technology,” the notice said.
The FSC stated that it will notify the affected users and take necessary actions to prevent and mitigate any potential damage. The department is also offering free credit monitoring services for the affected Veterans in the data breach. “Veterans whose information was involved are advised to follow the instructions in the letter to protect their data. There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident,” the notice added.
Not the First Time
This is not the first time that cybercriminals targeted the Veterans in the U.S. Earlier, security researchers from Cisco Talos discovered a threat group targeting the U.S. military Veterans via a fake job portal promising help for those looking for jobs. To trick users into finding jobs, hacker group Tortoiseshell targeted Americans who are in search of jobs, especially military Veterans via a phony website, hxxp://hiremilitaryheroes[.]com, which is a lookalike of the legitimate website, https://www.hiringourheroes.org.The phony URL directs the victims to another fake site and prompts them to download an app, which is a malware downloader that deploys spying and other malicious tools.