House Veterans Committee demands answers on recent VA data breach

The House Veterans Affairs Committee is continuing to press the U.S. Department of Veterans Affairs over its struggles with securing the data of millions of veterans.

Earlier this month, a software glitch on the VA's eBenefits system, an online portal, exposed the personal information of more than 5,000 veterans to anyone who could log onto the system, according to VA officials.

According to Federal News Radio, Rep. Jeff Miller (R-Fla.), chairman of the committee, wrote a letter to VA Secretary Eric Shinseki on Friday asking for answers on the breach.

"It has come to my attention that thousands of veterans have had their personally identifiable information, including medical and financial information, divulged online through the eBenefits portal," Miller wrote. "Unfortunately, these types of breaches continue to occur on a regular basis at the VA, despite multiple assurances that its systems are secure."

The portal had to be shut down and brought back online due to the glitch. In a statement last week, the VA said that it "conducted a full review of the software issue and reinforced its security posture, after determining that the defect had been remedied and the portal was functioning properly."

Roughly 20 veterans contacted the agency before the glitch was fixed to say they could see other users' information when logged onto the site.

According to Federal News Radio, in the Jan. 24 request to the VA, Miller wants to know, among other things:

  • How VA identified and addressed the eBenefits "software defect." In accordance with Office of Management and Budget memorandum 07-16, did VA implement their rules of behavior and enforce their table of penalties to anyone for failing to follow the rules for safeguarding PII?
  • How VA expects to prevent the same "software defect" from occurring again?
  • How VA determined that the eBenefits security and privacy breach was the result of a "software defect" and not a data breach through a system security vulnerability?
  • How many of the 3.4 million veterans enrolled will be offered credit monitoring services as described with the Veterans Benefits Health Care and Information Technology Act of 2006?
  • If Shinseki has appointed a non-VA entity or the VA's inspector general to conduct a risk analysis on the possible eBenefits privacy and security breach.

Miller gave the VA until Friday, Jan. 31 to respond.

"The leisurely pace with which VA is returning requests--and in some cases not returning them--is a major impediment to the basic oversight responsibilities of the committee," a committee spokesman said regarding the data breach, according to Federal News Radio.

The VA introduced eBenefits--which aims to enable quicker processing of disability compensation claims--last summer, and urged veterans and their representatives to use it to get speedier decisions to help reduce the backlog of claims. The system is used by both the VA and the U.S. Department of Defense. 

To learn more:
- read the Federal News Radio article
- see the letter from Rep. Miller (.pdf)