Navy purchase cards hacked

Defense Department officials said last week that hack attacks compromised about 13,000 Navy purchase cards.

In response, the Navy canceled all purchase card accounts, totalling about 22,000, to minimize unauthorized purchases, according to a statement released by the DOD Purchase Card Management Office.

"Vendors who accept the purchase card and do business with the Navy should be aware that all card accounts have been cancelled and that Citibank is working quickly to re-establish new accounts and cards," the statement read. "In the meantime, emergency purchases are being handled on a case-by- case basis to fully support Navy requirements."

DOD has designated a team to investigate how the hack occurred and what needs to be done to ensure that it does not happen again. A Defense Criminal Investigative team is also working on the investigation.

DOD spokesman Glenn Flood said the department does not know how the hackers accessed the numbers or if any money was spent before the theft was realized. An official familiar with the investigation said none of the compromised cards were used, because DOD criminal investigators would have instantly known of the attempt and been able to catch the perpetrator. The official would not say how the hack was discovered.

The credit cards tap directly into a Navy account with Citibank and are designed to accommodate purchases up to $2,500.

Karen Meloy, deputy commander of the Navy e-Business Operations Office, said the decision to cancel the 22,000 cards was made because of the large number of cards that may have been compromised.

"I decided to cancel all the compromised accounts once we heard the volume [of] compromised cards," Meloy said. "All compromised accounts have been reissued, and we are consistently monitoring reactivation."

Steve Kelman, a professor of public management at Harvard University's Kennedy School and former administrator of the Office of Federal Procurement Policy during the Clinton administration, said replacing the cards quickly needs to be the department's top priority.

"Obviously, just as if an individual's card was stolen, DOD or the Navy needs to get new numbers or cards out for those whose cards were compromised," Kelman said. "Hopefully, this can happen very quickly because credit cards are very valuable to the federal procurement process and it would be a problem if these cards were not available for a significant amount of time."

The purchase cards have been fraught with problems for years. The General Accounting Office has called controls over the Navy's purchase card program particularly weak.

DOD has long dealt with myriad unauthorized purchases, from prostitutes' services to plastic surgery, motorcycles to music concerts.

During the past few years, DOD has reduced the number of purchase cards issued to its uniformed and civilian employees to reduce the total risk of fraud or abuse.

DOD issues travel cards that are designed to cover expenses while traveling on official business and must be repaid by the cardholder.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.