Breach on Affects 2,200

U.S. Veterans' Information Mistakenly Posted
Breach on Affects 2,200

The U.S. Department of Veterans Affairs is offering free credit monitoring to more than 2,200 military veterans whose personal information, including Social Security numbers, was mistakenly posted on the website for about eight months.

See Also: Live Webinar | Cybersecurity in Healthcare Supply Chains: A CISO Perspective

No personal health information was involved in the breach incident, the VA noted.

The genealogy website had requested, through the Freedom of Information Act, that the VA release data about deceased veterans. In December, the daughter of a veteran reported to the VA that her living father's personal information was on the website, and the VA determined that it had mistakenly provided information about thousands of living veterans. The website then immediately removed all the information the VA had supplied, says Jerry Davis, the VA's chief information security officer.

So far, there's no indication that any of the veterans' personally identifiable information was misused while it was posted on the site. But the VA is notifying those affected to offer them free credit monitoring and encourage them to take steps to protect against identity theft. Roger Baker, the VA's CIO, said in a Jan. 25 news media conference call that the investigation is continuing to determine if as many as 2,000 additional veterans were affected. If so, they also will receive free credit monitoring.

Based on its obligations under the Freedom of Information Act, the VA released information about more than 14 million deceased veterans, including names, Social Security numbers, dates of birth, dates of death, military branch assignments and dates entering and leaving active duty. The VA has launched an investigation into why information about living veterans was included in its database about deceased veterans. Baker, the CIO, acknowledges that more VA officials need to communicate with each other details about all Freedom of Information Act requests to help ensure only appropriate data is released.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.