By Barnini Chakraborty, ,
Published January 12, 2017
Thousands of veterans may have had their personal information broadcast online following a major "defect" on a popular benefits website run by the Defense and Veterans Affairs departments.
According to multiple complaints, veterans who logged onto the eBenefits site to check personal claims and benefits information were redirected to other veterans' files.
“I went into my folder to check on the status of my claim and it said ‘sexual trauma’,” one veteran told FoxNews.com on Tuesday. “It definitely was not mine. There were also lines of erroneous web code. You could tell there was a coding software error.”
The veteran, who has a computer background and asked to remain anonymous out of fear of retaliation, said he then logged off the site completely, but again encountered the same error.
“I logged off, logged back in and it was the same thing,” he said. “Every time I’d log back in, I would get another person’s information.”
Names, addresses, bank routing numbers and medical conditions – both current and past -- were among the information made available via the data breach last week.
The VA issued a statement Friday afternoon acknowledging the “software defect.”
“VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems,” the agency said.
It also said that the VA’s independent Data Breach Core Team would conduct a full review and that based on the number affected by the problem, the VA “will take the appropriate response, which may include free credit monitoring for the affected individuals.”
An official said up to 5,351 people may have been impacted, out of a total 3.38 million users. A "final determination" on the number affected has not yet been made.
This isn’t the first time the VA has had a problem with privacy – in 2012, thousands of veterans had their personal information compromised when data was released to Ancestry.com, and posted.
In 2009, the VA agreed to pay $20 million to veterans for exposing them to possible identity theft in 2006 by losing their sensitive personal information.
The settlement was part of a class-action law suit filed by five veterans groups accusing the government of invasion of privacy.
In 2006, a VA data analyst said he had lost a laptop and external drive containing the names and Social Security numbers of as many as 26.5 million veterans and active-duty military men and women.
The laptop that contained the information was later found intact but the damage had been done. The VA inspector general report that followed harshly criticized both the data analyst and his supervisors for putting veterans as risk.