The American Legion on Wednesday told the Department of Veterans Affairs (VA) that it needs to do a better job in protecting veterans personal information after the veterans eBenefits website exposed veterans online account information to others veterans and possibly to non-veterans.
The breach or software defect exposed online accounts of about 5,000 or more veterans to unauthorized users.
American Legion National Commander Daniel M. Dellinger said that he continues to wonder why such data breaches continue to plague the department as this is not the first time such a breach has occurred.
“We’ve seen VA expose sensitive information about veterans before,” Dellinger said.
“Now it has happened with the relatively new eBenefits website. How can VA expect our veterans to file for benefits online when they may be risking identity theft by doing so?”
Dellinger said that the VA’s Data Breach Core Team (DBCT) is reviewing the eBenefits failure.
FCW revealed that the DBCT team includes members of the Veterans Health Administration, Veterans Benefits Administration, the Office of General Counsel, staff attorneys, the Office of Public Affairs, the Office of Congressional Affairs, the Board of Veterans Appeals, human resources staff, and the office of Acquisition and Logistics.
Although the VA stated to the American Legion that once they figure out which veterans were affected, the VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA’s standard practice.
Dellinger said that the VA’s response of “may” include free credit monitoring is unacceptable.
“There should be no ‘may’ in that statement. We want VA to guarantee credit-monitoring services for every individual whose personal information may have been breached. That is the least VA can do to atone for its latest compromise of data,” Dellinger said.
“These data breaches need to stop," he said. “VA can’t continue to expose our veterans to identity theft. VA needs to take care of defective software before rolling out any online system.”
Over the past several years, the VA has had several security breaches and at least nine of those data breaches have occurred since 2010.
The latest VA security breaches by the Department of Veteran Affairs are outlined in this VA report, as required by Public Law 109-461 for the month of November 2013.
No security breach reports have been released by the Department of Veteran Affairs for the month of December 2013.