Navy purchase cards hacked

The Navy has canceled all its purchase card accounts after discovering that more than half of them may have been compromised by a hack attack.

Defense Department officials this morning said that a system containing data for about 13,000 of the Navy's purchase cards had been hacked. In response, the Navy canceled all purchase card accounts, about 22,000, to "minimize unauthorized purchases," according to a statement released by the DOD Purchase Card Management Office.

"Vendors who accept the purchase card and do business with the Navy should be aware that all card accounts have been canceled and that Citibank is working quickly to reestablish new accounts and cards," the statement read. "In the meantime, emergency purchases are being handled on a case-by-case basis to fully support Navy requirements."

DOD has designated a team to investigate how the hack occurred and what needs to be done to stop future attacks. A Defense Criminal Investigative team is also on site.

Glenn Flood, a spokesman for DOD, said the department does not know how the hackers accessed the numbers or whether any money was spent before the theft was realized.

The purchase cards, which are credit cards that can be used for official government purchases of less than $2,500, have been burdened with problems for years. The General Accounting Office has called controls over the Navy's purchase card program particularly weak.

DOD over the past few years reduced the overall number of purchase cards issued to its uniformed and civilian employees to reduce the total risk of fraud or abuse. The department has long dealt with myriad unauthorized purchases — from prostitutes to plastic surgery, motorcycles to music concerts — and cardholders defaulting on their accounts to the tune of several million dollars.

Defense agencies have used data mining techniques to crack down on fraudulent and inappropriate use of the purchase cards, but problems persist.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.