Navy purchase cards hacked
Defense Department officials said last week that hack attacks compromised about 13,000 Navy purchase cards
Defense Department officials said last week that hack attacks compromised about 13,000 Navy purchase cards.
In response, the Navy canceled all purchase card accounts, totalling about 22,000, to minimize unauthorized purchases, according to a statement released by the DOD Purchase Card Management Office.
"Vendors who accept the purchase card and do business with the Navy should be aware that all card accounts have been cancelled and that Citibank is working quickly to re-establish new accounts and cards," the statement read. "In the meantime, emergency purchases are being handled on a case-by- case basis to fully support Navy requirements."
DOD has designated a team to investigate how the hack occurred and what needs to be done to ensure that it does not happen again. A Defense Criminal Investigative team is also working on the investigation.
DOD spokesman Glenn Flood said the department does not know how the hackers accessed the numbers or if any money was spent before the theft was realized. An official familiar with the investigation said none of the compromised cards were used, because DOD criminal investigators would have instantly known of the attempt and been able to catch the perpetrator. The official would not say how the hack was discovered.
The credit cards tap directly into a Navy account with Citibank and are designed to accommodate purchases up to $2,500.
Karen Meloy, deputy commander of the Navy e-Business Operations Office, said the decision to cancel the 22,000 cards was made because of the large number of cards that may have been compromised.
"I decided to cancel all the compromised accounts once we heard the volume [of] compromised cards," Meloy said. "All compromised accounts have been reissued, and we are consistently monitoring reactivation."
Steve Kelman, a professor of public management at Harvard University's Kennedy School and former administrator of the Office of Federal Procurement Policy during the Clinton administration, said replacing the cards quickly needs to be the department's top priority.
"Obviously, just as if an individual's card was stolen, DOD or the Navy needs to get new numbers or cards out for those whose cards were compromised," Kelman said. "Hopefully, this can happen very quickly because credit cards are very valuable to the federal procurement process and it would be a problem if these cards were not available for a significant amount of time."
The purchase cards have been fraught with problems for years. The General Accounting Office has called controls over the Navy's purchase card program particularly weak.
DOD has long dealt with myriad unauthorized purchases, from prostitutes' services to plastic surgery, motorcycles to music concerts.
During the past few years, DOD has reduced the number of purchase cards issued to its uniformed and civilian employees to reduce the total risk of fraud or abuse.
DOD issues travel cards that are designed to cover expenses while traveling on official business and must be repaid by the cardholder.
NEXT STORY: Interior to respond to court report