Since 2010, foreign state sponsored organizations have repeatedly compromised an unencrypted database maintained by the Veterans Affairs Department that contains personally identifiable information on roughly 26 million veterans.
Including at least eight foreign-sponsored organizations, mostly connected to the Chinese military had successfully compromised VA networks and data. Other than this, possibly Russia were identified as likely culprits in the attempts to steal VA data.
Details regarding exactly what information has been compromised are sparse, but unencrypted data included names, dates of birth and Social Security numbers of veterans that could be used to commit credit and identity fraud.
Lack of basic security controls, such as encryption of data, make VA an easy target. The 2006 breach was caused by the theft of a VA employee's laptop, which contained personal information on about 26 million veterans and military personnel.
From another report, The March audit showed sensitive VA data was being transmitted without encryption over unsecure networks, a problem that has not been fixed. The Veterans Health Administration is the nation's largest integrated healthcare system.
Because the data thieves encrypted the files they stole, VA officials cannot determine what was taken.