In August, a Veterans Benefit Administration office in Boston distributed over 6,000 summary letters to incorrect addresses.
According to a VA update on data breaches, 3,936 of the letters contained a full social security number while 2,386 had a complete VBA claim number. The VA’s report on data breaches to Congress also stated that the breach was caused by a programming error.
Performance Analysis & Integrity, a contractor held responsible for the mailings, merged veteran information with old addresses compromising the security of thousands of veterans’ social security numbers. Letters were also folded so that the addressee’s name could not be seen through the plastic window increasing the likelihood of the letters being opened.
“Realistically, you would think that they were not actually opened by the recipient that received them incorrectly,” stated VA CIO Roger Baker. “But we have no way of knowing, and so the right approach is to provide notification and credit monitoring to any of those veterans that would like it.”
Since the mailing of the letters, the VA has contacted each veteran associated with the breach to explain any potential credit risks and to offer credit protection services sponsored by the VA. They have also delivered the original benefits summaries to their rightful owners.
Photo thanks to mrjoro under creative common license on Flickr.