The U.S. Department of Veterans Affairs Office of Management (VA) has announced that it is notifying approximately 46,000 veterans that their personal information was compromised when hackers were able to access an online application that allowed them to divert payments designated for community health care organizations that provide medical care to veterans to the hackers’ bank accounts.
It is being reported that the hacker(s) used social engineering methods to exploit user authentication protocols in order to access the application and change payment information to divert the payments to new bank accounts. The VA took the application offline and is investigating the incident.
The VA is mailing letters to the veterans (or, as applicable, their next of kin) whose information was compromised and is offering credit monitoring to those whose Social Security numbers may have been involved.