The U.S. Department of Veterans Affairs should pay vendors to protect the credit of as many as 20 million veterans and their families after a hearing revealed overseas hackers have accessed VA databases, lawmakers said.
At least eight foreign organizations have hacked into VA databases or are trying to do so, Jerry Davis, a former deputy assistant secretary for information security at the agency, said at a House Veterans’ Affairs panel subcommittee hearing last week.
U.S. Representatives Jeff Miller, a Florida Republican who heads the committee, and Mike Michaud, a Maine Democrat who is the panel’s ranking minority member, criticized the VA for failing to notify Congress of those security breaches. The agency needs to do more to protect former troops’ Social Security numbers, birthdates and addresses from identity thieves, the lawmakers said today at a press conference.
“The chances are pretty good that information was in fact removed,” Miller said. “Unfortunately, we don’t know until somebody actually comes up and says their information was used in a nefarious way. That’s why we’re asking the VA to provide credit monitoring for veterans.”
There are “multiple state actors” trying to hack VA systems as well as groups of thieves trying to steal information as a “money-making activity,” Stephen Warren, the acting assistant secretary for the department’s Office of Information and Technology, said during the hearing this month. Department officials don’t know what files were removed from their system, he said.