Navy purchase cards hacked

The Navy has canceled all its purchase card accounts after discovering that more than half of them may have been compromised by a hack attack.

Defense Department officials this morning said that a system containing data for about 13,000 of the Navy's purchase cards had been hacked. In response, the Navy canceled all purchase card accounts, about 22,000, to "minimize unauthorized purchases," according to a statement released by the DOD Purchase Card Management Office.

"Vendors who accept the purchase card and do business with the Navy should be aware that all card accounts have been canceled and that Citibank is working quickly to reestablish new accounts and cards," the statement read. "In the meantime, emergency purchases are being handled on a case-by-case basis to fully support Navy requirements."

DOD has designated a team to investigate how the hack occurred and what needs to be done to stop future attacks. A Defense Criminal Investigative team is also on site.

Glenn Flood, a spokesman for DOD, said the department does not know how the hackers accessed the numbers or whether any money was spent before the theft was realized.

The purchase cards, which are credit cards that can be used for official government purchases of less than $2,500, have been burdened with problems for years. The General Accounting Office has called controls over the Navy's purchase card program particularly weak.

DOD over the past few years reduced the overall number of purchase cards issued to its uniformed and civilian employees to reduce the total risk of fraud or abuse. The department has long dealt with myriad unauthorized purchases — from prostitutes to plastic surgery, motorcycles to music concerts — and cardholders defaulting on their accounts to the tune of several million dollars.

Defense agencies have used data mining techniques to crack down on fraudulent and inappropriate use of the purchase cards, but problems persist.