VA reports data breach affecting 46,000 veterans

Blue Signage and logo of the U.S. Department of Veterans Affairs  

Scammers trying to divert payments for veterans' medical care compromised an online system belonging to the Financial Services Center at the Department of Veterans Affairs, the agency reported Sept. 14.

The data breach affected 46,000 veterans, with social security numbers among the compromised information.

According to the VA, scammers used information gleaned from a Financial Services Center application and combined it with social engineering to redirect payments owed to community health care providers.

The VA, through the Veterans Health Administration, provides medical care to a population of about 20 million beneficiaries. Legislation passed in 2014 and modified in 2018 permits veterans to seek community care in certain circumstances, depending on how far they live from a VA facility and whether the kind of care they need is available through VA locally. Providers who treat veterans under the Veterans Choice program bill the VA directly.

The agency took the compromised system offline for a security review from VA's Office of Information and Technology. VA is offering credit monitoring services to veterans and other beneficiaries whose social security numbers were revealed in the breach.

The VA did not immediately respond to questions about the timing and duration of the data breach, when it was noticed or how much money was scammed from the agency that was meant to reach health care service providers.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected