A cyberattack at the US Department of Veterans Affairs resulted in the personal information of some 46,000 veterans being made public.
Unauthorized individuals accessed one of the VA Financial Services Center's web applications, diverting funds intended for healthcare providers to pay for veterans' medical care.
The app has been taken offline and won't go back online until the VA has finished its security review.
Those whose Social Security numbers may have been hacked are also being given free access to credit monitoring services by the government.
Source: https://www.cnet.com/news/privacy/veterans-social-security-numbers-leaked-in-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/department-of-veterans-affairs
"id": "usd11419623",
"linkid": "department-of-veterans-affairs",
"type": "Data Leak",
"date": "09/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '46,000 veterans',
'industry': 'Healthcare',
'location': 'United States',
'name': 'US Department of Veterans Affairs',
'type': 'Government Agency'}],
'attack_vector': 'Web Application Vulnerability',
'data_breach': {'number_of_records_exposed': '46,000',
'personally_identifiable_information': ['Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Social Security Numbers']},
'description': 'A cyberattack at the US Department of Veterans Affairs '
'resulted in the personal information of some 46,000 veterans '
'being made public. Unauthorized individuals accessed one of '
"the VA Financial Services Center's web applications, "
'diverting funds intended for healthcare providers to pay for '
"veterans' medical care. The app has been taken offline and "
"won't go back online until the VA has finished its security "
'review. Those whose Social Security numbers may have been '
'hacked are also being given free access to credit monitoring '
'services by the government.',
'impact': {'data_compromised': ['Personal Information',
'Social Security Numbers'],
'downtime': ['Web Application'],
'identity_theft_risk': ['High'],
'systems_affected': ['Web Application']},
'initial_access_broker': {'entry_point': 'Web Application'},
'motivation': 'Financial Gain',
'response': {'communication_strategy': ['Free credit monitoring services '
'offered'],
'containment_measures': ['App taken offline'],
'remediation_measures': ['Security Review']},
'threat_actor': 'Unauthorized Individuals',
'title': 'Cyberattack at US Department of Veterans Affairs',
'type': 'Data Breach'}