The Department of Veterans Affairs today said initial estimates show as many as 5,351 veterans may have been impacted by a software glitch Jan. 15 that exposed private information and allowed personal data belonging to veterans to be altered.
“VA’s independent Data Breach Core Team is reviewing the issue and believes a relatively limited number of veterans have been affected,” the agency said in response to an exclusive report by FedScoop that detailed the extent of the problems experienced by users of the joint VA-Defense Department eBenefits portal.
Internal VA documents showed 10,000 of the 3.38 million registered users of eBenefits were logged in at the time the glitch was discovered, but the agency said its investigation into the exact number of veterans who may have been impacted has not yet been completed.
VA said its independent data breach team “determine the number of users impacted, their identities and other pertinent facts, and VA is taking the appropriate response, which includes free credit monitoring for any affected individuals, consistent with VA’s standard practice.”
On Jan. 20, FedScoop obtained video footage of the glitch from Eric Grzelak, a disabled veteran who had tried unsuccessfully to alert VA to the problems. The footage showed the glitch exposed the private records of multiple veterans for every person who was logged in. In addition, Grzelak was able to inadvertently alter the records, placing at risk the private information of potentially tens of thousands or more veterans.
“I could see someone’s name, date of birth, Social Security number, what disabilities they had [and] how much they got paid,” Grzelak told FedScoop. “Everything you would look at would pull up someone else’s info. It would change every time you refreshed the page.”
In its statement to FedScoop, VA said it “took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems and prevent further exposure.” VA brought eBenefits back online late Sunday evening.
“VA conducted a full review of the software issue and reinforced its security posture, after determining that the defect had been remedied and the portal was functioning properly,” the agency said. “All eBenefits functionality is now available to use. We offer our sincere apologies to any service member, veteran or family member impacted by the software defect and the downtime.”
The eBenefits portal is managed jointly by VA and DOD, and allows veterans and their dependents to access their medical and educational benefits, claims and a wide variety of forms and military documents. Included in that information is the ability to update direct deposit information, generate home loan certificates of eligibility, view DOD TRICARE medical information, military personnel records and VA payment histories.