Security Flaw Exposes Massive State Department Visa Database to Hacking
Cyber-defense experts found security flaws in a U.S. State Department system that could have allowed hackers to access almost half a billion visa records.
In a report by ABC News, hackers could have altered or stolen the sensitive data.
Meanwhile, officials downplayed the security gaps and said they would not be easy to exploit. State Department officials assure that altering visa records is not easy, since hackers would need the “right level of permissions” within the database.
“We are, and have been, working continuously … to detect and close any possible vulnerability,” State Department spokesman John Kirby said in a statement to ABC News.
The system is one of the largest biometric databases and holds personal information like applicants’ photographs, fingerprints, Social Security or other identification numbers, and even children’s schools, of almost any individual who has applied for a U.S. passport or visa over the past 20 years.
The situation was informed to high level government officials.
Officials from the State Department and Capitol Hill have said that no breach has been detected as of yet.
The vulnerability in the Consular Consolidated Database, considered as the “backbone” for checking travelers to and from the country is alarming, since foreign nations are tirelessly looking for ways to set spies in the United States. Terrorist organizations like ISIS, have also said that they wanted to exploit the visa system.
The records could be compromised if criminals want to steal identities or access private accounts, but the the worst thing would be if hackers doctored data that help determine whether a passport or visa application has been approved.
“Every visa decision we make is a national security decision,” a top State Department official, Michele Thoren Bond, told a recent House panel.
Last year, more than 2,200 people were denied visas after being suspected of connections to terrorism.
According to ABC, an official associated with the State Department said a “coordinated mitigation plan” has already “remediated” the visa-related gaps, and further steps continue with “appropriate [speed] and precision.”
“[We] view this issue in the lowest threat category,” the official said, claiming that any online system suffers security flaws.
Meanwhile, other government officials doubted that the security gaps in the visa system have been fixed.
“I know the vulnerabilities discovered deserve a pretty darn quick [remedy],” said a concerned government official, who also stated that it took senior State Department officials months to begin addressing the key issues.