Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Navy purchase cards hacked

From: InfoSec News <isn () c4i org>
Date: Fri, 22 Aug 2003 03:38:46 -0500 (CDT)
http://www.fcw.com/fcw/articles/2003/0818/web-navy-08-21-03.asp

By Matthew French 
Aug. 21, 2003 

The Navy has canceled all its purchase card accounts after discovering 
that more than half of them may have been compromised by a hack 
attack.

Defense Department officials this morning said that a system 
containing data for about 13,000 of the Navy's purchase cards had been 
hacked. In response, the Navy canceled all purchase card accounts, 
about 22,000, to "minimize unauthorized purchases," according to a 
statement released by the DOD Purchase Card Management Office.

"Vendors who accept the purchase card and do business with the Navy 
should be aware that all card accounts have been canceled and that 
Citibank is working quickly to reestablish new accounts and cards," 
the statement read. "In the meantime, emergency purchases are being 
handled on a case-by-case basis to fully support Navy requirements." 

DOD has designated a team to investigate how the hack occurred and 
what needs to be done to stop future attacks. A Defense Criminal 
Investigative team is also on site.

Glenn Flood, a spokesman for DOD, said the department does not know 
how the hackers accessed the numbers or whether any money was spent 
before the theft was realized.

The purchase cards, which are credit cards that can be used for 
official government purchases of less than $2,500, have been burdened 
with problems for years. The General Accounting Office has called 
controls over the Navy's purchase card program particularly weak. 

DOD over the past few years reduced the overall number of purchase 
cards issued to its uniformed and civilian employees to reduce the 
total risk of fraud or abuse. The department has long dealt with 
myriad unauthorized purchases -- from prostitutes to plastic surgery, 
motorcycles to music concerts -- and cardholders defaulting on their 
accounts to the tune of several million dollars. 

Defense agencies have used data mining techniques to crack down on 
fraudulent and inappropriate use of the purchase cards, but problems 
persist.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: