Security Flaw Exposes Massive State Department Visa Database to Hacking

By Denisse Moreno, Epoch Times
April 1, 2016 Updated: April 10, 2016

Cyber-defense experts found security flaws in a U.S. State Department system that could have allowed hackers to access almost half a billion visa records.

In a report by ABC News, hackers could have altered or stolen the sensitive data.

Meanwhile, officials downplayed the security gaps and said they would not be easy to exploit. State Department officials assure that altering visa records is not easy, since hackers would need the “right level of permissions” within the database.

“We are, and have been, working continuously … to detect and close any possible vulnerability,” State Department spokesman John Kirby said in a statement to ABC News.

The system is one of the largest biometric databases and holds personal information like applicants’ photographs, fingerprints, Social Security or other identification numbers, and even children’s schools, of almost any individual who has applied for a U.S. passport or visa over the past 20 years.

HOUSTON - FEBRUARY 1:  An arriving passenger uses a new biometric scanner at George H. W. Bush Intercontinental Airport February 1, 2008 in Houston, Texas. The new system is set up to scan all ten fingers instead of the two finger scanners previously used. (Photo by Dave Einsel/Getty Images)
An arriving passenger uses a new biometric scanner at George H. W. Bush Intercontinental Airport in Houston, Feb. 1, 2008.  (Dave Einsel/Getty Images)

The situation was informed to high level government officials.

Officials from the State Department and Capitol Hill have said that no breach has been detected as of yet.

The vulnerability in the Consular Consolidated Database, considered as the “backbone” for checking travelers to and from the country is alarming, since foreign nations are tirelessly looking for ways to set spies in the United States. Terrorist organizations like ISIS, have also said that they wanted to exploit the visa system.

The records could be compromised if criminals want to steal identities or access private accounts, but the the worst thing would be if hackers doctored data that help determine whether a passport or visa application has been approved.

Every visa decision we make is a national security decision.
— Michele Thoren Bond, U.S. State Department

“Every visa decision we make is a national security decision,” a top State Department official, Michele Thoren Bond, told a recent House panel.

Last year, more than 2,200 people were denied visas after being suspected of connections to terrorism.

According to ABC, an official associated with the State Department said a “coordinated mitigation plan” has already “remediated” the visa-related gaps, and further steps continue with “appropriate [speed] and precision.”

[We] view this issue in the lowest threat category
— U.S. Official

“[We] view this issue in the lowest threat category,” the official said, claiming that any online system suffers security flaws.

Meanwhile, other government officials doubted that the security gaps in the visa system have been fixed.

“I know the vulnerabilities discovered deserve a pretty darn quick [remedy],” said a concerned government official, who also stated that it took senior State Department officials months to begin addressing the key issues.