A military healthcare administrator quietly disclosed a breach that exposed sensitive data on thousands of active-duty troops, veterans, and their families.
TriWest Healthcare, which manages government health programs for the Pentagon and VA, confirmed an attacker accessed its network on April 16 and downloaded files containing beneficiary records. The company notified roughly 12,000 TRICARE members after reporting details to the California State Attorney General. Stolen fields include names, DoD Benefits numbers, ZIP codes, and authorization request types — with a subset of victims also losing Social Security numbers, postal addresses, and dates of birth. TriWest says it moved immediately to contain the intrusion and has been working with the government on required notifications.
The breach sits at an uncomfortable intersection: military healthcare records carry more identity-fraud risk than typical consumer data, because DoD Benefits numbers tie directly to service history and eligibility systems that are harder to freeze than a credit file. No threat group has claimed the attack, and the data has not appeared on dark web markets yet — but "not yet surfaced" is not the same as "safe".
This is TriWest's second significant security incident; the company suffered a major breach in late 2023 that affected millions of records, which makes the recurrence harder to explain as bad luck.