https://www.fedscoop.com/veterans-data-breach-va-hack/
Exploit: Unauthorized Access (Credential Compromise)
Department of Veterans Affairs: Federal Agency
Risk to Small Business: 1.667 = Severe The Department of Veterans Affairs (VA) informed affected users on Monday of a data breach that resulted in the exposure of 46,000 veterans’ personal information. The incident stemmed from unauthorized users accessing an application within the Financial Service Center (FSC) to steal payment away from community health care providers. In a statement, the VA said malicious actors used “social engineering techniques” and exploited “authentication protocols” to gain access to the system. Recent additional information that has come to light indicates that 17,000 community care providers may also have been affected.
Individual Risk: 1.806 = Severe No information has been provided about the exact nature of the compromised information. The VA has directed those who suspect that they may have been impacted to email or mail questions to the VA
Customers Impacted: 46,000 veterans and 17,000 medical care providers
How it Could Affect Your Customers’ Business: Social engineering attacks, typically in the form of password theft or phishing, can devastate a business, especially if it results in the compromise of a privileged account.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
