The Veterans Affairs Department allegedly disclosed sensitive personal information on millions of US citizens, including the spouses, doctors, and dependents despite warnings. The data breach was reported by an internal watchdog, who claimed that the practice had been occurring for over three years. In a report published last week, the VA Inspector General stated that the Veterans Benefits Administration could face legal consequences under the Privacy Act of 1974 as a result of disclosing personally identifiable information.
During an Audit, the IG found more than 1,000 unredacted names and social security numbers in a sample of just 30 claims requests out of an estimated 379,000 requests over the three years in which the policy was in use. The IG stated that VBA could have potentially released an enormous amount of this data and that the policy permitted VBA to expose sensitive information like addresses and bank accounts. Individuals were not notified that VBA was releasing this data, and the director of the VA’s Privacy Service claimes she did not know the policy existed. After reading the policy, she stated that it was entirely inappropriate and flawed based on common sense knowledge.
Read More: VA Released Millions of People’s Personal Data Despite Known Risks