Navy purchase cards hacked

Defense Department officials said last week that hack attacks compromised about 13,000 Navy purchase cards.

In response, the Navy canceled all purchase card accounts, totalling about 22,000, to minimize unauthorized purchases, according to a statement released by the DOD Purchase Card Management Office.

"Vendors who accept the purchase card and do business with the Navy should be aware that all card accounts have been cancelled and that Citibank is working quickly to re-establish new accounts and cards," the statement read. "In the meantime, emergency purchases are being handled on a case-by- case basis to fully support Navy requirements."

DOD has designated a team to investigate how the hack occurred and what needs to be done to ensure that it does not happen again. A Defense Criminal Investigative team is also working on the investigation.

DOD spokesman Glenn Flood said the department does not know how the hackers accessed the numbers or if any money was spent before the theft was realized. An official familiar with the investigation said none of the compromised cards were used, because DOD criminal investigators would have instantly known of the attempt and been able to catch the perpetrator. The official would not say how the hack was discovered.

The credit cards tap directly into a Navy account with Citibank and are designed to accommodate purchases up to $2,500.

Karen Meloy, deputy commander of the Navy e-Business Operations Office, said the decision to cancel the 22,000 cards was made because of the large number of cards that may have been compromised.

"I decided to cancel all the compromised accounts once we heard the volume [of] compromised cards," Meloy said. "All compromised accounts have been reissued, and we are consistently monitoring reactivation."

Steve Kelman, a professor of public management at Harvard University's Kennedy School and former administrator of the Office of Federal Procurement Policy during the Clinton administration, said replacing the cards quickly needs to be the department's top priority.

"Obviously, just as if an individual's card was stolen, DOD or the Navy needs to get new numbers or cards out for those whose cards were compromised," Kelman said. "Hopefully, this can happen very quickly because credit cards are very valuable to the federal procurement process and it would be a problem if these cards were not available for a significant amount of time."

The purchase cards have been fraught with problems for years. The General Accounting Office has called controls over the Navy's purchase card program particularly weak.

DOD has long dealt with myriad unauthorized purchases, from prostitutes' services to plastic surgery, motorcycles to music concerts.

During the past few years, DOD has reduced the number of purchase cards issued to its uniformed and civilian employees to reduce the total risk of fraud or abuse.

DOD issues travel cards that are designed to cover expenses while traveling on official business and must be repaid by the cardholder.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.