FedScoop reports that the U.S. Department of Veterans Affairs has begun investigating a data breach following a federal contractor's publication of source code with encrypted key tokens, hard-coded administrator account privileges, and key database table information on GitHub.
Six foreign IP addresses, including one from a U.S. adversary, have replicated the source code, which was allegedly copied by the contractor from a GitHub account managed by the VA to their personal account on July 5, according to sources. However, the VA's IT leadership was only informed about such an incident on Sept. 9.
The VA stressed that no data has been compromised by the incident.
"While the software code contained embedded credentials, they were not administrative credentials and did not present a risk to VA or Veteran data. The credentials are part of system-to-system communications that can only be utilized within the VA network. Additionally, VA has no evidence of a data breach or data being cloned by other countries or validated by foreign IP addresses," said a VA spokesperson.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news