The Cellar  

Go Back   The Cellar > Main > Technology

Technology Computing, programming, science, electronics, telecommunications, etc.

Thread Tools Display Modes
Old 01-25-2014, 05:16 PM   #1
Big Sarge
Werepandas - lurking in your shadows
Join Date: Jun 2008
Location: In the Deep South
Posts: 3,408
Cyber Breach Affecting Veterans

Any of you receiving benefits or who have applied for benefits need to check to see if your information was compromised. This is the message I received from the Wounded Warrior Program.

On Friday, 17 January 2014, there was a breach of the eBenefits website that is run by the Department of Defense (DOD) and Department of Veterans Affairs (VA). The VA is conducting an independent investigation. To learn whether your eBenefits information may have been compromised, you can call the VA directly at 1.800.827.1000. And, as always, you can reach out to your Benefits Service team at WWP.
Give a man a match, & he'll be warm for 20 seconds. But toss that man a white phosphorus grenade and he'll be warm for the rest of his life.
Big Sarge is offline   Reply With Quote
Old 01-25-2014, 06:27 PM   #2
Part-time superhero (off shift right now, leave a message)
Join Date: Dec 2013
Location: Her Majesty's United Kingdom of Great Britain and Northern Ireland
Posts: 211
there's a lot of it about, and not in the 'usual suspect' countries or companies either, mostly in sensible places like major physical and online retailers, didn't Microsoft get hacked twice in a week not long ago?

if even tech-aware outfits can get hacked then a Govt department is childs play, the kind of hack you knock out in your lunch break with a sandwich in one hand.
The only dumb question is the one you didn't ask.
Molasar is offline   Reply With Quote
Old 01-25-2014, 06:39 PM   #3
The future is unwritten
Join Date: Oct 2002
Posts: 71,105
An internal VA memo from the Corporate Data Center Operations in Austin, Texas, obtained by FedScoop, said the incident occurred Jan. 15 at 10 p.m. ET when 20 veterans called the VA help desk complaining the eBenefits system had presented them with information belonging to other veterans.

“Veteran A was able to access any of the information available in eBenefits for Veteran B, but it is unknown if Veteran A moved past the initial welcome page,” the memo states. “VA IT specialists are investigating whether or not logs can be pulled showing which pages were accessed. Approximately 10,000 users logged in to eBenefits on Jan. 15 so IT specialists are investigating in attempt to narrow the time frame of when the incident began and ended.”

CDCO is a unique public-private data center partnership known as a Franchise Fund Organization. Authorized by the Government Management Reform Act of 1994, CDCO manages more than 1,800 servers for a multitude of government agencies. It operates on a fee-for-service basis, rather than receiving direct federal funding. VA said in a statement Friday afternoon the incident stemmed from a “software defect” introduced “during a process to improve” the system.

Once the number of users affected by the problem is determined, VA “will take the appropriate response, which may include free credit monitoring for the affected individuals,” according to the statement.
Users could see other peoples data, but no mention of being able to change anything.
Fortunately it looks like this is the same as those credit card breaches, where private information is stolen, rather than benefits been messed with.
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Old 01-26-2014, 10:11 PM   #4
Read? I only know how to write.
Join Date: Jan 2001
Posts: 11,933
Originally Posted by xoxoxoBruce View Post
Fortunately it looks like this is the same as those credit card breaches, where private information is stolen, rather than benefits been messed with.
Important and unanswered questions are 1) what was stolen, 2) how was it done, 3) by who, and 4) why.
tw is offline   Reply With Quote
Old 01-30-2014, 07:02 PM   #5
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
This looks like the DOD put yet another system in without testing it fully and let it loose on the public. If the government would follow their own rules, this should not be an issue. Since this is a DOD system, they need to follow the DOD Information Assurance Certification and Accreditation Program, or DIACAP for short. They did not, as part of DIACAP is a risk management process and vulnerability assessment.

In other words, nothing new. Film at 11.

Sent from my iPad using Tapatalk
mbpark is offline   Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 03:02 PM.

Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.