[Dataloss] State Warns Passport Applicants Of Danger of Credit Card Fraud

From: Richard Forno (rfornoinfowarrior.org)
Date: Fri Oct 31 2008 - 07:39:41 CDT


State Warns Passport Applicants Of Danger of Credit Card Fraud

By Glenn Kessler
Washington Post Staff Writer
Friday, October 31, 2008; A17

http://www.washingtonpost.com/wp-dyn/content/article/2008/10/30/AR2008103004716_pf.html

The State Department has notified approximately 400 passport
applicants in the D.C. area of a breach in its database security that
allowed a ring of thieves to obtain confidential information so they
could fraudulently use credit cards stolen from the mail, officials
said.

The scheme, involving two major government agencies, came to light
months ago through a fluke. On March 25, D.C. police officers on a
routine patrol stopped a car on the suspicion that its windows were
excessively tinted, an apparent violation of city law. Smelling
marijuana, the officers searched the car and discovered that the
24-year-old driver was carrying 21 credit cards not in his name and
printouts of eight passport applications -- and that four of the names
on the passport applications matched the names on four of the credit
cards, according to documents filed in U.S. District Court.

Upon his arrest, the driver, Leiutenant Q. Harris Jr., told police
that he worked with a co-conspirator who was employed by the State
Department and another co-conspirator who worked for the U.S. Postal
Service, court documents said. Officers on the scene called American
Express about some of the cards in Harris's possession, and were told
that they had recently been used and that a fraud alert had been
placed on them.

But the investigation was hampered because Harris was fatally shot
while getting into his car in Northeast Washington on April 17, just
days after appearing in court on fraud charges and shortly after he
agreed to cooperate in the probe.

Florence Fultz, the acting managing director of the State Department's
Passport Services division, urged applicants whose passport files had
been breached to "thoroughly review bank and credit card statements
and obtain a copy of your personal credit card history," according to
a copy of the letter that was sent out this month. The letter informed
recipients that the State Department would provide free credit
monitoring for a year and would reimburse out-of-pocket expenses and
lost wages resulting from identity theft. The applicant's passport
record would be flagged to issue an alert if another application is
made, the letter said.

The criminal investigation has not been completed, but the scam is one
more black eye for State's passport division. Last year, the
department greatly underestimated the number of passport applications
it would receive and fell behind in processing them, resulting in
ruined vacation plans for many Americans. Then, this year, it was
discovered that workers repeatedly snooped without authorization
inside the electronic passport records of entertainers, athletes and
other high-profile Americans -- including Sens. Hillary Rodham Clinton
(D-N.Y.), John McCain (R-Ariz.) and Barack Obama (D-Ill.).

The 192 million passport files maintained by the State Department
contain individuals' passport applications, which include Social
Security numbers, physical descriptions, and names and places of birth
of the applicants' parents -- information that is often requested by
credit card companies when they activate cards sent through the mail.
The files do not contain records of overseas travel or visa stamps
from previous passports.

In July, the State Department's inspector general documented a
widespread lack of controls on the personal data of the 127 million
Americans who hold passports, finding "a general lack of policies,
procedures, guidance and training."

Fultz, in the letter, said: "We are thoroughly examining every aspect
of our information security systems and procedures to safeguard
against unauthorized access of passport records."

The State Department refused to allow any officials to discuss the
case on the record, saying it is still under investigation. But in a
written statement provided on the condition of anonymity, a spokesman
said the department has "undertaken a number of immediate and
long-term measures to significantly improve the protection of personally
identifiable information to include mandatory audits, an enhanced
monitoring list, improved training and a revamped reporting system. In
addition, we have formed a working group to develop long-term systems
solutions to improve the security of these records such as a tiered
access system to all passport records."

In another statement, the department said that a single State employee
was allegedly involved in the fraud and that so far 400 individuals
had been identified "whose records may have been accessed by the
suspect for illicit purposes." But, the statement added, "to the best
of our knowledge, most of these individuals have not experienced
identity theft."

Officials declined to say how much money was stolen or how many people
were involved in the scheme.
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)