Thank you for signing!

Veterans Gave the Government Their Most Sensitive Data — Tell the VA to Secure It

25 signatures toward our 30,000 goal

0.08333333333333334% Complete

Sponsor: The Veterans Site

Veterans had no choice but to hand over their most sensitive data. The VA has a choice about protecting it.

Man in military camouflage uniform sitting in a counseling session, holding his chest and speaking seriously while a clinician takes notes nearby.

Medical histories. Mental health records. Disability ratings. Benefits data. The men and women who served this country handed all of it over — because they had to, and because they trusted it would be protected. That trust is failing them.

Two Breaches. Tens of Thousands of Victims.

In late 2025, a cyberattack on a CPAP medical supplier exposed the personal data of roughly 90,000 people.4 A significant portion were active-duty service members and veterans — hardly a surprise, given how common sleep apnea is among military personnel. Names, home addresses, and medical details were all compromised.1 The kind of information that makes identity theft not just possible, but easy.

Then came 2026. A cyberattack on a TRICARE-affiliated contractor put the data of nearly 12,000 military health care beneficiaries at risk.3 Department of Defense Benefits Numbers were exposed. So were Social Security numbers — which, in the wrong hands, open the door to fraudulent credit accounts, tax fraud, and financial crimes that can take years to untangle.2

Veterans Are Not Incidental Targets

These breaches are not random. Veterans' records carry a combination of government identifiers, detailed medical histories, and benefits information that makes them high-value targets for bad actors. The damage from a breach goes beyond the digital. Veterans already navigate one of the most complex bureaucratic systems in the country to access the care they earned. A data breach can derail active claims, drain financial accounts, and force people into months or years of damage control — for something that was never their fault.

The Fixes Exist. They Just Haven't Been Made.

Cybersecurity watchdogs have identified specific vulnerabilities in the systems the Department of Veterans Affairs uses to store veterans' medical records and complaint data. Recommendations to address those vulnerabilities exist. The problem is that full implementation has lagged — leaving known gaps open while real breaches continue to happen to real people.

Every unimplemented recommendation is a door left unlocked. Every delay is a choice, even when it doesn't feel like one.

The Secretary of Veterans Affairs Can Act Now

The authority to close these gaps sits with the Secretary of Veterans Affairs. The recommendations are already on the table. What's needed is a commitment to act on them — fully, and without further delay. Veterans answered when their country called. The government's obligation in return is straightforward: protect what they were asked to hand over.

The breaches described here are not warnings about what might happen. They have already happened, to tens of thousands of veterans and military families. More will follow if the known vulnerabilities in VA systems go unaddressed.

Sign the petition now to tell the Secretary of Veterans Affairs to fully implement the outstanding cybersecurity recommendations protecting veterans' medical records and personal information. These heroes kept their end of the bargain. It's time for the VA to keep its.

The Petition

To the Secretary of Veterans Affairs,

The men and women who served this country trusted their government with some of the most sensitive details of their lives — their medical histories, their mental health records, their disability ratings, their benefits information. That trust is being broken, repeatedly, by cybersecurity failures that your department has the authority and responsibility to prevent.

The evidence is not abstract. In late 2025, a data breach at a CPAP medical supplier exposed the names, addresses, and medical information of approximately 90,000 people, a significant number of them active-duty service members and veterans. Sleep apnea is disproportionately common among military personnel, meaning this breach landed squarely on a vulnerable and deserving population. Then, in 2026, a cyberattack on a TRICARE-affiliated contractor compromised the data of nearly 12,000 military health care beneficiaries — exposing Department of Defense Benefits Numbers and, in some cases, Social Security numbers. The consequences of that exposure are not minor. Social Security numbers in hostile hands enable fraudulent credit accounts, tax fraud, and financial crimes that can take victims years to untangle.

Veterans are not simply incidental casualties of a broader cybersecurity crisis. Their records contain a uniquely damaging combination of government identifiers, medical details, and benefits data that makes them high-value targets. Many already spend years fighting through bureaucratic obstacles to access the care they were promised. A data breach can derail active claims, drain accounts, and force people to fight battles they never should have faced — all because data that was supposed to be protected, wasn't.

Cybersecurity watchdogs have identified specific vulnerabilities in the systems holding veterans' medical records and complaint information. Recommendations to close those gaps exist. The critical missing piece is full, timely implementation. Every recommendation that sits unaddressed is a known vulnerability left open while real people suffer real consequences.

We are asking you to act decisively: fully implement the outstanding cybersecurity recommendations protecting veterans' medical records and complaint data. These individuals answered the call when their country needed them. The least we owe them is a government that safeguards their most personal information with the same commitment they brought to their service. Taking these steps will help ensure a more secure and trustworthy future for veterans, military families, and all who will one day depend on these systems.

Sincerely,