"It gave me a different person's name, each and every time I came back," Woodland said. At first I thought it was just a glitch, but the more I thought about it, I said, wait a minute, this is more than a glitch, this is a breach."
Woodland was on the VA's E-Benefits website trying to track down his own history for a bank loan. Instead, windows kept popping up displaying other veterans' medical and financial information.
"When you click on these hyperlinks here, it takes you to the bank account, the direct deposit, bank account, last four, what bank is it for," Woodland said. "I'll bet he has no idea that I'm sitting here in my house with his information."
Woodland said he called the Department of Defense, the VA, and Senator Kay Hagan's office, but he didn't get any response until Thursday morning. Then, the website went down and an email came from the DOD asking him to scan the few pages he printed out and email them over.
"Already I see the blame game going. It's the VA. No, it's the DOD. It's going to bounce back and forth, but can you prove it's an isolated incident?" Woodland said.
Woodland wonders if the breech was internal or intentional and worries that there is not enough being done to find out the answers.
"I don't want these veterans' private information to continue to bounce around out there in no man's land," he said.
The VA issued a statement to ABC11 Friday:
The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information. Wednesday evening, during a process to improve software supporting the joint VA and Department of Defense benefits web portal eBenefits, VA discovered a software defect. During that limited timeframe, some Veterans and Servicemembers who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users. VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems. VA is conducting a full review to be certain the underlying technological issues have been resolved before the system is returned to operation.
VA's independent Data Breach Core Team (DBCT) is reviewing this issue and believes a relatively limited number of Veterans have been affected. Once the DBCT determines the number of users impacted, their identities and other pertinent facts, VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA's standard practice.