The Cellar

The Cellar (http://cellar.org/index.php)
-   Technology (http://cellar.org/forumdisplay.php?f=7)
-   -   Cyber Breach Affecting Veterans (http://cellar.org/showthread.php?t=29873)

Big Sarge 01-25-2014 05:16 PM
Cyber Breach Affecting Veterans
 
Any of you receiving benefits or who have applied for benefits need to check to see if your information was compromised. This is the message I received from the Wounded Warrior Program.

On Friday, 17 January 2014, there was a breach of the eBenefits website that is run by the Department of Defense (DOD) and Department of Veterans Affairs (VA). The VA is conducting an independent investigation. To learn whether your eBenefits information may have been compromised, you can call the VA directly at 1.800.827.1000. And, as always, you can reach out to your Benefits Service team at WWP.

Molasar 01-25-2014 06:27 PM
there's a lot of it about, and not in the 'usual suspect' countries or companies either, mostly in sensible places like major physical and online retailers, didn't Microsoft get hacked twice in a week not long ago?

if even tech-aware outfits can get hacked then a Govt department is childs play, the kind of hack you knock out in your lunch break with a sandwich in one hand.

xoxoxoBruce 01-25-2014 06:39 PM
Quote:
An internal VA memo from the Corporate Data Center Operations in Austin, Texas, obtained by FedScoop, said the incident occurred Jan. 15 at 10 p.m. ET when 20 veterans called the VA help desk complaining the eBenefits system had presented them with information belonging to other veterans.

“Veteran A was able to access any of the information available in eBenefits for Veteran B, but it is unknown if Veteran A moved past the initial welcome page,” the memo states. “VA IT specialists are investigating whether or not logs can be pulled showing which pages were accessed. Approximately 10,000 users logged in to eBenefits on Jan. 15 so IT specialists are investigating in attempt to narrow the time frame of when the incident began and ended.”

CDCO is a unique public-private data center partnership known as a Franchise Fund Organization. Authorized by the Government Management Reform Act of 1994, CDCO manages more than 1,800 servers for a multitude of government agencies. It operates on a fee-for-service basis, rather than receiving direct federal funding. VA said in a statement Friday afternoon the incident stemmed from a “software defect” introduced “during a process to improve” the system.

Once the number of users affected by the problem is determined, VA “will take the appropriate response, which may include free credit monitoring for the affected individuals,” according to the statement.
Users could see other peoples data, but no mention of being able to change anything.
Fortunately it looks like this is the same as those credit card breaches, where private information is stolen, rather than benefits been messed with.

tw 01-26-2014 10:11 PM
Quote:
Originally Posted by xoxoxoBruce (Post 890987)
Fortunately it looks like this is the same as those credit card breaches, where private information is stolen, rather than benefits been messed with.
Important and unanswered questions are 1) what was stolen, 2) how was it done, 3) by who, and 4) why.

mbpark 01-30-2014 07:02 PM
This looks like the DOD put yet another system in without testing it fully and let it loose on the public. If the government would follow their own rules, this should not be an issue. Since this is a DOD system, they need to follow the DOD Information Assurance Certification and Accreditation Program, or DIACAP for short. They did not, as part of DIACAP is a risk management process and vulnerability assessment.

In other words, nothing new. Film at 11.


Sent from my iPad using Tapatalk


All times are GMT -5. The time now is 03:46 AM.

Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.