Tens of Thousands of Veterans Had Their Medical and Financial Data Exposed

Split image: a man in camouflage clothing listening during a session on the left; on the right, a small group in military attire supporting an emotional woman.

The people who served this country deserve to have their most sensitive information protected. But a string of recent cybersecurity failures makes clear that protection is falling short — and veterans, active-duty troops, and military families are paying the price.

Group of elderly men, many in wheelchairs, seated indoors at long tables facing an open patio area, gathered together in a communal setting with sunlight streaming across the floor.


A data breach at a CPAP medical supplier in late 2025 exposed the personal information of approximately 90,000 people, including a significant number of active-duty service members and veterans.

A Pattern of Breaches Targeting Military and Veteran Health Data

In late 2025, a data breach at a CPAP medical supplier exposed the personal information of roughly 90,000 people, a significant portion of them active-duty service members and veterans. According to SecurityWeek, the compromised data included names, addresses, and medical information — exactly the kind of sensitive details that make identity theft and fraud possible. Malwarebytes Labs confirmed that the breach specifically touched troops and veterans who rely on CPAP devices for sleep apnea, a condition disproportionately common among military personnel.

That breach alone would be alarming enough. Then came 2026.

A cyberattack on a TRICARE-affiliated contractor compromised the data of nearly 12,000 military health care beneficiaries. Military Times reported that affected individuals were notified their Department of Defense Benefits Numbers — and in some cases their Social Security numbers — had been exposed. As TechRadar noted, Social Security numbers in the wrong hands open the door to a wide range of financial crimes, from fraudulent credit accounts to tax fraud.

Small group discussion with a man in military clothing speaking while others listen in a counseling or meeting environment.

In 2026, a cyberattack on a TRICARE-affiliated contractor compromised the data of nearly 12,000 military health care beneficiaries.

Why Veterans Are Especially Vulnerable

Veterans and military families aren't just incidentally caught up in the broader epidemic of health care data breaches. They are specific, high-value targets. Their records often contain a combination of government identification numbers, medical histories, disability ratings, and benefits information. That mix is particularly useful to bad actors engaged in identity theft, benefits fraud, or even targeted scams that exploit military service.

Many veterans already navigate a complex bureaucratic system to access care and benefits. A data breach doesn't just create an abstract risk — it can derail claims, compromise financial accounts, and force people to spend months or years cleaning up damage they didn't cause.

Overhead view of several people in military attire seated in a circle, engaged in a group conversation with a facilitator taking notes.

The issue is not a lack of guidance on how to fix known vulnerabilities — it is the incomplete implementation of existing recommendations.

The Gap Between Recommendations and Action

Cybersecurity watchdogs have repeatedly identified vulnerabilities in the systems that store veterans' medical records and complaint data, and they've issued recommendations to address them. The problem isn't a lack of guidance. It's that full implementation of those recommendations has lagged — leaving known gaps in place while real breaches continue to occur.

The Veterans Affairs system holds some of the most personal information imaginable: mental health records, details of service-connected injuries, complaint histories that veterans have filed in confidence. Leaving those records inadequately secured isn't a technical footnote. It's a failure of the basic obligation owed to people who served.

Close-up of a man wearing a military-style shirt and dog tags being comforted by someone placing a hand on his shoulder.

Veterans navigate a complex system of health care and benefits bureaucracy that becomes significantly more difficult when personal data is compromised.

It's Time to Demand Better

The breaches described here are not hypothetical future risks. They have already happened, affecting tens of thousands of veterans and military families. Each unimplemented cybersecurity recommendation is a door left open. The Secretary of Veterans Affairs has the authority to close those doors — and veterans deserve nothing less than that commitment, now.

Click below to make a difference.

Matthew Russell

Matthew Russell is a West Michigan native and with a background in journalism, data analysis, cartography and design thinking. He likes to learn new things and solve old problems whenever possible, and enjoys bicycling, spending time with his daughters, and coffee.

Back to blog
Customers Also Viewed

Shorts, Tees & Lounge Favorites

Recommended Just For You
Recently Viewed & Trending Items