Navy purchase cards hacked

Defense Department officials said last week that hack attacks compromised about 13,000 Navy purchase cards.

In response, the Navy canceled all purchase card accounts, totalling about 22,000, to minimize unauthorized purchases, according to a statement released by the DOD Purchase Card Management Office.

"Vendors who accept the purchase card and do business with the Navy should be aware that all card accounts have been cancelled and that Citibank is working quickly to re-establish new accounts and cards," the statement read. "In the meantime, emergency purchases are being handled on a case-by- case basis to fully support Navy requirements."

DOD has designated a team to investigate how the hack occurred and what needs to be done to ensure that it does not happen again. A Defense Criminal Investigative team is also working on the investigation.

DOD spokesman Glenn Flood said the department does not know how the hackers accessed the numbers or if any money was spent before the theft was realized. An official familiar with the investigation said none of the compromised cards were used, because DOD criminal investigators would have instantly known of the attempt and been able to catch the perpetrator. The official would not say how the hack was discovered.

The credit cards tap directly into a Navy account with Citibank and are designed to accommodate purchases up to $2,500.

Karen Meloy, deputy commander of the Navy e-Business Operations Office, said the decision to cancel the 22,000 cards was made because of the large number of cards that may have been compromised.

"I decided to cancel all the compromised accounts once we heard the volume [of] compromised cards," Meloy said. "All compromised accounts have been reissued, and we are consistently monitoring reactivation."

Steve Kelman, a professor of public management at Harvard University's Kennedy School and former administrator of the Office of Federal Procurement Policy during the Clinton administration, said replacing the cards quickly needs to be the department's top priority.

"Obviously, just as if an individual's card was stolen, DOD or the Navy needs to get new numbers or cards out for those whose cards were compromised," Kelman said. "Hopefully, this can happen very quickly because credit cards are very valuable to the federal procurement process and it would be a problem if these cards were not available for a significant amount of time."

The purchase cards have been fraught with problems for years. The General Accounting Office has called controls over the Navy's purchase card program particularly weak.

DOD has long dealt with myriad unauthorized purchases, from prostitutes' services to plastic surgery, motorcycles to music concerts.

During the past few years, DOD has reduced the number of purchase cards issued to its uniformed and civilian employees to reduce the total risk of fraud or abuse.

DOD issues travel cards that are designed to cover expenses while traveling on official business and must be repaid by the cardholder.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.