VA hacked, unsure what was stolen
Apparently, when the VA isn’t getting their computers stolen, compromising personal data, the Chinese and other nations are hacking into the VA’s systems – and it’s been happening for years, according to the Washington Examiner.
At least eight different state-sponsored organizations have breached the security of VA data networks since at least March 2010, said Jerry Davis, who until February was the chief information security officer at VA.
“I learned that these attackers were a nation-state sponsored cyber espionage unit and that no less than eight different nation-state sponsored organizations had successfully compromised VA networks and data, or were actively attacking VA networks, attacks that continue at VA to this very day,” David said in written testimony
This stems the VA transmitting sensitive information, including medical records and personal information, over unsecure and unencrypted networks.
The worst part is that the VA doesn’t even know what has been stolen:
A foreign government hacked into Department of Veterans’ Affairs computers and stole data on as many as 20 million veterans, then covered its tracks by encrypting files before exporting them, according to congressional testimony today.
As a result, VA officials do not know what was stolen, a top VA official told the House Veterans’ Affairs Subcommittee on Oversight and Investigations. Potentially, the breach could be complete personal and medical records on everyone in the VA’s files, said Rep. Mike Coffman, R-Colo., the subcommittee chairman.
“These actors have had constant access to VA systems and data, information which included unencrypted databases containing hundreds of thousands to millions of instances of veteran information such as veterans’ and dependents’ names, Social Security numbers, dates of birth and protected health information,” Coffman said.
So, they’ve known about it for years and have still done nothing about it – way to take care of veterans.
Cross-posted from After the Army.
Category: Veterans Issues, Veterans' Affairs Department
Lovely.
@1 Agreed. Just f@cking beautiful.
Well. Isn’t that special.
I guess the Chinese really needed to know about my hemmorhoids.
@4
GREAT, now we *ALL* know. 😀
great, my SSN, DOB and full name are now being used by Lo Ping in Hong Kong, or Ivan in St Petersburg to do god only knows what.
If you guys get emails about winning the $10 million from a Prince in Washington State, they aren’t from me. They are from some ass clown that now, possible, has my VA information!
What happened to cyber security? I mean I understand that with enough knowledge and perseverance most computers can be hacked. But for shits sake, the VA! When I worked on the local DOE reservation they had sales of surplus computers all the time. Never, ever wiped a drive. Responsible buyers finally let the local paper know about the things they found on these hard drives and it stopped…the sales not the wiping of systems. For a government which is suppose to be entrusted with the security of not just our nation but its information, they are doing on hell of a job with stories like this.
Umm, was the VA planning on telling anybody about this? We had to hear about it from the Washington Examiner?
I am dumbfounded given the amount of “privacy” training as well as the regulations as a VA Employee I have to adhere to, and it means squat once we enter a Vets information onto the computer…
unfrigging believable.
Here we go, again. As PN asked what we’re all thinking, I will try to answer; no.
The next question is; what the fuck are they going to do to shore up security in the future?
@10 They will promise not to use ADMIN as their password anymore.
UFB! I’ve been retired for 5 years and every year since I retired, I seem to get a letter from the Navy, TriCare or, not, the VA about some dumbass who can’t seem to encrypt info, leaves a laptop in a car, update firewall software or some other stupid shit!!!
Maybe I should send a bill to the VA/Navy/TriCare for my annual fee to LifeLock since they can’t seem to keep my PII safe….
So, we get our info hacked, and they don’t tell us. However, now most of our PII is out there and usable by the highest bidder? This is complete bullshit.
I wonder if it’d be too much to ask those Chinese hackers if they could process some claims while they’re snooping around. It’d sure help Shinseki out.
@14: Have ya noticed that no one is mentioning what a bang-up job Shinseki is doing?
@15: Shitstain is going to send us out some fuchsia berets to make us feel like we are part of the VA “team”….
So it’s a pretty safe bet that their secret plans to create a high speed processing system for veterans’ claims and implementing friendly helpful service in honor of all veterans is gone missing too?
VoV – no, it was fully on-line and they were just getting started processing claims – when suddently these U/I hackers came in and screwed it all up. Fortunately Shinseki has a cousin who runs a software house and for just $1,000,000,000,000,000 he will fix it by 2030.
@18. And a free beret to the first 100 customers!
@5. Yeah. I’m saving that for the conversation at the dinner table tonight. Right after Grace, it’ll be, “Did you hear? Virtual Insanity has the hemmies!”
Kinda glad I never got into the system. Should have, but always figured that since they made a mistake with my amount of active duty time, I really, REALLY didn’t want to give them any more data to screw up.
It’s just easier to avoid them. Even though I have known some very nice and very competent people who work there, the system seems to be overloaded with incompetence. And there are huge regional differences. This doesn’t happen to be one of the better ones.
But this? This is beyond outrageous on steroids.
How many years? Joe
Imagine that.
Oh, well that’ll be where all the missing decorations, assignments, and entire DD-214s that the stolen valor crowd claim ended up – stolen by the Chinese or something. Even though the VA has nothing to do with those records…
@2/17–I hope the Chinese hackers see pictures they can’t mind-bleach out.