Cybersecurity: 46,000 Veterans’ personal information exposed in data breach

*Hackers were able to infiltrate our systems by using social engineering techniques, exploiting authentication protocols, says US Department of Veterans Affairs

*Gaming hardware company Razer misconfigured one of its Elasticsearch servers, leaving information available to public and indexed by public search engines ─Researchers

Isola Moses | ConsumerConnect

Although the cybercriminals failed to gain an unauthorised access to the agency’s systems with the aim of stealing payments meant for healthcare providers offering treatment to veterans, the United States (US) Department of Veterans Affairs (VA) has disclosed that about 46,000 veterans had their personal information exposed in a recent data breach.

ConsumerConnect gathered the VA, in an announcement Monday, September 14, said that hackers gained unauthorised access to their systems with the aim of stealing payments.

According to the Department, the payments were appropriated for healthcare providers who provided treatment to veterans.

Some veterans may have had their social security number leaked, report stated.

The VA said: “The Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the­ medical treatment of Veterans.

“The FSC took the application offline and reported the breach to VA’s Privacy Office.”

However, the hackers were able to breach the system by “using social engineering techniques and exploiting authentication protocols.”

The agency said it’s launching a security review.

It added that “to prevent any future improper access to and modification of information, system access will not be re-enabled until a comprehensive security review is completed by the VA Office of Information Technology.”

The Department stated that it was notifying veterans whose information was exposed in the breach.

In cases where the affected veteran is deceased, the Department will notify the next-of-kin.

“The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised.

“Veterans whose information was involved are advised to follow the instructions in the letter to protect their data.

“There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident,” said the VA.

Likewise, security researchers have warned that scammers could launch phishing attempts using leaked information.

Gaming hardware manufacturing company Razer accidentally leaked the data of as many as 100,000 customers, according to security researcher Bob Diachenko.

Diachenko in a report stated that the company misconfigured one of its Elasticsearch servers, leaving information available to the public and indexed by public search engines since August 18.

The information leaked included customers’ full names, emails, phone numbers, and shipping addresses.

It took Razer several weeks to respond to Diachenko, but the company finally responded and said it fixed the misconfiguration on September 9.

The company claims that passwords and credit card information weren’t involved in the leak, it was leanrt.

The company told Diachenko that “we would like to thank you, sincerely apologise for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems.

“We remain committed to ensure the digital safety and security of all our customers.”

It is noted that improperly accessed information could be used by scammers to carry out phishing attempts.

Diachenko, therefore, urges gamers to “be on the lookout for phishing attempts sent to their phone or email address.”