“Veteran A was able to access any of the information available in eBenefits for Veteran B, but it is unknown if Veteran A moved past the initial welcome page,” the memo states. “VA IT specialists are investigating whether or not logs can be pulled showing which pages were accessed. Approximately 10,000 users logged in to eBenefits on Jan. 15 so IT specialists are investigating in attempt to narrow the time frame of when the incident began and ended.”
VA said in a statement Friday afternoon the incident stemmed from a “software defect” introduced “during a process to improve” the system.
The statement said “VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems” and that the agency’s independent Data Breach Core Team “is conducting a full review to be certain the underlying technological issues have been resolved before the system is returned to operation.”
Once the number of users affected by the problem is determined, VA “will take the appropriate response, which may include free credit monitoring for the affected individuals,” according to the statement.
In a later story, Fedscoop reports:
The software glitch that forced the Department of Veterans Affairs to take down the eBenefits Web portal over the weekend may have affected far more veterans than initially reported and enabled anyone who was logged in to alter the personal information contained in an unknown number of records.
VA has been investigating a problem with the joint VA-Defense Department eBenefits system since Jan. 15, when several veterans reported being able to see the personal information belonging to other veterans when they logged into the system. An internal VA memo obtained by FedScoop showed approximately 10,000 veterans had logged into the system during the time frame when the glitch was discovered.
But new video footage obtained by FedScoop from Eric Grzelak, a disabled veteran who has tried unsuccessfully to alert VA to the problems, shows the glitch exposed the private records of multiple veterans for every person who was logged in. In addition, Grzelak’s video evidence shows it was possible to alter the records, placing at risk the private information of potentially tens of thousands or more veterans.
We know that we have a lot of readers that are vets and we would suggest that if you use the eBenefits system, you might want to check and verify that your information, claims, history, etc have not been altered either purposefully or accidentally.
(h/t to the folks over at This Ain’t Hell)