New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Veteran Affairs Data Breach

The U.S. Department of Veteran Affairs (VA) has suffered a data breach that exposed the personal information of over 46,000 veterans. In the data breach notification, the VA states that the attackers breached their systems to redirect payments that were earmarked for health care providers who helped veterans. During an internal investigation, it was determined that the attackers gained access to the VA through social engineering and by exploiting authentication protocols. To stop further harm, the VA shut down access to its systems until the investigation could be completed. While the VA has not stated what information was released, due to the nature of the breach, it potentially contained veteran’s names, addresses, SSNs, phone numbers, and possibly private medical information. The VA is contacting all affected individuals, including the next-of-kin of deceased veterans, to warn them of the risk to their data. All veterans whose SSNs were exposed will also be receiving free credit monitoring services.

Analyst Notes

With the unclear nature of the leaked information, it is strongly advised that all affected individuals closely monitor their credit history and bank accounts for fraudulent activity. If any odd activity is found, the victim should immediately contact the VA and associated companies to report the fraud. A more proactive approach to preventing fraud is to place a credit freeze on file with all the major credit bureaus. That will prevent anyone from opening new credit accounts using the stolen personal information. This type of information is commonly used for targeted phishing campaigns, so victims should be wary of emails that pretend to be the VA and ask for additional personal information. If an email is received that asks for such information, the VA should be contacted directly to verify the email’s legitimacy. Lastly, if credit monitoring is offered, it is highly recommended to take advantage of it.

Source Article: