NORFOLK -- An internal memo prepared by top IT professionals inside the U.S. Department of Veterans Affairs says the agency’s computers that hold private information for hundreds of thousands of military veterans are essentially wide open.
A 13News Now investigation obtained a copy of the memo from the House Committee on Veterans’ Affairs.
The memo was prepared in July after a security assessment had been performed on the agency’s data. It doesn’t mince words when talking about the potential for a breach.
“It is practically unavoidable that a data breach to financial, medical, and personal Veteran and employee protected information may occur within the next 12 to 18 months, with no way of tracking the source of the breach,” the memo reads.
Despite the dire warning, veterans were faced with a data breach in January of 2014 when personal information for veterans became accessible to other users on the VA’s e-benefits site.
Cybersecurity expert Jeri Prophet said the VA should have used that memo as a call to act.
“Something was blaringly, obviously wrong with that data network to say if it is like this, you know, there is a definite vulnerability,” Prophet said. “The fact that no one took time to address it or look at it, I mean, that’s negligent.”
Congressman Jeff Miller (R-FL), chair of the House Committee on Veterans’ Affairs, said he’s been voicing concerns over the lack of data security at the agency for the past year.
“It’s unacceptable that the VA has been very slow to react,” Miller said. “What little reaction they have had has been minimal at best.
January’s security breach is just the latest in a string of incidents that have put veterans’ private information at risk.
The Navy Times reported in 2010 that roughly 3,800 veterans’ personal information was compromised when an unencrypted laptop with confidential data was stolen.
In a statement to 13News Now on Thursday, the VA said the memo provided by the House Committee on Veterans’ Affairs was focused only on specific risks and not the agency’s entire data network.
“VA takes seriously its obligation to properly safeguard any personal information within our possession,” the statement said. “VA has in place a strong, multi-layered defense to combat evolving cybersecurity threats.”
“VA is committed to protecting Veteran information, continuing its efforts to strengthen information security, and putting in place the technology and processes to ensure Veteran data at VA are secure.”
Prophet, who is a Navy veteran herself, said the string of security breaches could have far-reaching ramifications for veterans whose information is stolen. She suggested veterans and their families begin monitoring their credit for any irregularities.
“As a fellow veteran it’s upsetting because that’s my data,” Prophet said.