VA is among biggest spenders on SolarWinds products; urgent explanations needed about security of sensitive data about veterans & VA operations. VA has cancelled its planned Congressional briefings about the cyberattack & has not been transparent about the impacts of the breach.
[WASHINGTON, D.C.] – U.S. Senator Richard Blumenthal (D-CT), a member of the Senate Veterans’ Affairs Committee, demanded the U.S. Department of Veterans Affairs (VA) answer questions about the impact the SolarWinds cyberattack has had on its network, if any veterans’ sensitive information has been compromised, and what the agency is doing to safeguard its systems. Beginning in at least March 2020, foreign actors believed to be connected to Russian hackers compromised updates for SolarWinds software and were able to install a backdoor on thousands of networks, putting at risk its clients like the VA.
“I am alarmed by the potential threat to the VA and write to urgently request information about the impact of this incident and what steps are being taken to ensure the resilience and confidentiality of the VA mission,” wrote Blumenthal in a letter to VA Secretary Robert Wilkie. “This hack threatens to exacerbate existing privacy concerns and enable hackers to share and sell veterans’ personal information.”
Veterans’ personal information is particularly vulnerable to identity theft because of VA’s reliance on discharge forms and other paperwork that may contain a Social Security number and other sensitive information. Blumenthal’s letter comes as the VA has cancelled its planned Congressional briefings about the cyberattack and has not shared with Congress information about the scope of the attack or what data may have been compromised.
Blumenthal expressed deep concerns about the VA being described as “the biggest spender on [SolarWinds Orion products] in recent years” and SolarWinds touting its extensive work for the agency, writing that this “raises the troubling prospect that the maliciously backdoored software was sitting at the heart of the VA, with unparalleled access to sensitive information.”
A copy of the full letter is available here.