Huge Visa Database Still Vulnerable to Cyber Threats
The State Dept. says its visa database is still vulnerable to cyber attacks.
— -- The State Department publicly acknowledged today that it was working to close security gaps in its aging visa record system after a recent internal review discovered the security vulnerabilities.
ABC News first reported about the gaps on March 31, noting that some officials were concerned hackers could seek to doctor visa applications or pilfer sensitive data from a system officials described as the "backbone" for vetting travelers to and from the United States. The system, known as the Consular Consolidated Database, holds nearly a half billion visa-related records.
Testifying this morning in front of a Congressional oversight panel on cyber threats, the State Department's Chief Information Officer Steven Taylor said the department's "penetration testing" did what it was supposed to do.
"Through that process, yes in fact we identified vulnerabilities -- that's the point and purpose of penetration testing, and we are well on our way to reconciling those and remediating it," Taylor said. "We've identified [the CCD] certainly as a target and a critical system to the department."
Rep. Gerry Connolly (D-VA) described the CCD as a "juicy cyber target" for hackers.
In fact, the CCD is one of the world’s largest biometric databases –- storing personal information on anyone who has applied for a U.S. passport or visa in the past two decades. It retains valuable data such as applicants’ photographs, fingerprints, Social Security or other identification numbers and even children’s schools.
Taylor said he was not overtly concerned that the system would be hacked.
"The probability was very low, but obviously clearly given the type of private information that's available in that system and the quantity, even with a low risk we take that very, very seriously," Taylor said.
Congressman Connolly countered that "low hanging, vulnerable fruit is ... potentially ripe for the picking."
State Department officials have stressed that hackers have yet to attack the system despite the known vulnerabilities.
Related Stories
ABC News Live