You Fought for Us

Now Let Us Fight for You

Important Tips From Your VA Disability Attorney in Alabama

Published on May 28th, 2021

How to Protect Yourself After the VA Data Breach

If you need the services of a veteran’s benefits lawyer in Alabama, you have come to the right place. At Jackson & MacNichol, we take pride in providing the very best legal services for veterans seeking the benefits they have earned and deserve. Along with you, we were shocked by the recent revelation that almost 190,000 veterans’ benefit claims had been left open, exposed and accessible to anyone with access to the Internet. This is nothing short of outrageous and completely inexcusable.

The Data Breach

Here are the basic details of the data breach as we understand them:

The database belongs to North Carolina-based United Valor Solutions, and the exposed records were discovered on April 18 by security researcher Jerimiah Fowler. He found the database sitting totally exposed on the Internet without even basic password protection.

The exposed database contained private information and financial records of 189,460 U.S. veterans, including patient names, birth dates, contact information, doctor information, and appointment times, all of which could be used in socially-engineered attacks.

Unfortunately that is only the beginning, and the story gets worse. Passwords to the accounts were stored in plain text rather than being strongly encrypted, putting victims at risk of an account takeover. When criminal hackers attain the ability to pair an email address with a password, they’ll often file the information away to be used later in attempts to hijack the account.

Commenting on his findings, Fowler said, “The database was set to open and visible in any browser, and anyone could edit, download and even delete data without any administrative credentials.”

The Information We Have

At present, it isn’t clear how this totally unacceptable situation developed. When Fowler informed United Valor of his discovery, he was informed by the company that their IT contractors had shut down the public access to the database immediately. And the company added that according to its IT contractors, “The data has only been accessed by our internal IP and yours.”

In other words, in plain English, United Valor was basically insisting that it was only an internal mistake and not a hacker attack that caused these highly sensitive records to be exposed to the entire world. Nevertheless, further evidence unearthed by Fowler tells a very different story.

During his research, Fowler found a ransomware message entitled “read_me.” This message claimed that all the information had been downloaded and would be leaked unless the hackers received a ransom of 0.15 Bitcoin, approximately $8,148.

Commenting on the ransom note, Fowler explained that evidence of the outside intrusion into the database should have been found by the forensic audit conducted by United Valor’s contractors, putting into question the contractors’ claim that this was an accidental, internal leak rather than a cyberattack.

Three Possible Scenarios

Amidst this swirl of conflicting explanations, there appears to be three possible explanations for the United Valor data breach:

  • United Valor’s IT contractors have very limited monitoring capabilities.
  • The hackers were highly skilled in hiding traces of their intrusion.
  • United Valor is being less than forthcoming and is trying to avoid consequences for the breach.

The VA is investigating the situation, and a spokesman for the department recently said the data breach could have been caused through an error committed during routine penetration testing of United Valor’s security system, rather than by malicious, outside activity.

Recommended Steps to Protect Yourself

Whatever the ultimate determination of the cause of the United Valor data breach, this event is just one of many revealing an ongoing crisis in our nation. Namely, both criminal elements and foreign adversaries will continue their attempts to hack into our computer networks to do us harm – whether that’s stealing vital information or wreaking havoc with our nation’s infrastructure.

While this is disconcerting, there is both good and bad news to report. The bad news is that as private citizens there is little, if anything, we can do to improve the security of corporate and government databases. On the other hand, the good news is that there are things each of us can do to maintain personal security, both online and off.

Here are four steps everyone should take to protect their most vital information against the ongoing threat of relentless cyberattacks:

1) Delete Old, Unused Accounts

The idea here is to limit your points of online exposure by closing accounts that you no longer use, For example an old eBay account or a PayPal account you haven’t used in many months or even years. By the way, both of these services have experienced breaches of their computer systems.

In this same vein, when making online purchases, consider logging in as a guest rather than creating an account on the company website. If there is no specific advantage to be gained other than eliminating a couple of steps in the checkout process, it is best to avoid storing your credit card number and other vital information on a site that could be breached by hackers.

Another problem related to older, unused accounts is that people often use the same username and password repeatedly, and if hackers get into one of your older accounts, they can use this information to access things like your bank accounts and health records.

2) Sign Up With A Credit Monitoring Service

A reliable credit monitoring site will tell you if your information has been compromised, and that knowledge will help in determining your next course of action. If you’ve suffered a breach involving your bank account or a credit card, signing up with a credit monitoring service like PrivacyGuard or LifeLock should be a priority.

Also, if a company you deal with offers free credit monitoring, accept the offer. They’ll let you know if a new line of credit has been opened in your name, and some will even monitor the dark web to see if anyone has stolen your private information.

3) Change Your Passwords

Even if you’ve never been hacked, experts strongly recommend that you stop using the same password for all of your online accounts. This measure alone can potentially save you from both headaches and financial liability. If you have a tough time remembering all your various passwords, you might consider using a password manager like Dashlane or Keeper. They’ll store hard-to-remember passwords for you and help you create additional passwords that are much harder for hackers to crack.

4) Notify Your Bank and Credit Card Issuers

Credit monitoring services can tell you where your information is being used, but they won’t prevent the opening of fraudulent new accounts in your name. Consequently, you’ll need to contact your bank(s) and credit card issuer(s) to have them monitor your accounts for suspicious activity whenever you believe your information might have been accessed.

VA Disability Attorney near Alabama

While any data hack is worrisome, we hope you’ll find this information helpful when it comes to protecting your assets and your most vital, private information. Additionally, if you are a veteran in or around Alabama, and find yourself in need of legal advice to help secure your VA disability benefits, we urge you to contact our law firm without delay.

Whether you are filing your initial claim, or need to prepare an appeal, your case evaluation is absolutely free. Our-highly experienced VA lawyers are dedicated to helping Alabama veterans receive the service-connected disability compensation every service member deserves.


Back to News
Monthly Disability Benefits
Monthly
disability benefits
Learn More
Total Disability Based On Individual Unemployability
Total disability based
on individual unemployability (TDIU)
Learn More
Veterans Disability Compensation
Veterans
disability compensation
Learn More

Need Legal Assistance?

See How Our Attorneys At Jackson & MacNichol Can Help You

Social Security
Disability


Social Security Disability Insurance payments are available to wage earners who have become disabled. Supplemental Security Income payments are available to those with limited income who are disabled.

We represent SSD cases in Maine, Boston, and the whole of New England.

Veterans Disability
Benefits


As a proud member of the National Association of Veterans' Advocates (NOVA), we offer representation at all stages of the benefits claim process.

We represent Veterans in their disability benefits cases nationwide.

Estate Planning
Services


Estate planning involves more than just writing a will. It’s an active process of evaluating your needs, keeping track of your assets, and determining what legal actions need to be taken to meet your goals and protect your loved ones.

We offer a no obligation, complementary estate planning and asset protection review.

Contact Us Today!   Call toll free (800) 524-3339 or

Get started!