<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16735" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>
<DIV><FONT size=2><STRONG><FONT size=5>State Warns Passport Applicants Of Danger
of Credit Card Fraud<BR></FONT></STRONG>
<P><FONT size=-1>By Glenn Kessler<BR>Washington Post Staff Writer<BR>Friday,
October 31, 2008; A17<BR></FONT></P>
<P></P>
<P>The <A
href="http://www.washingtonpost.com/ac2/related/topic/U.S.+Department+of+State?tid=informline"
target="">State Department</A> has notified approximately 400 passport
applicants in the D.C. area of a breach in its database security that allowed a
ring of thieves to obtain confidential information so they could fraudulently
use credit cards stolen from the mail, officials said.</P>
<P>The scheme, involving two major government agencies, came to light months ago
through a fluke. On March 25, D.C. police officers on a routine patrol stopped a
car on the suspicion that its windows were excessively tinted, an apparent
violation of city law. Smelling marijuana, the officers searched the car and
discovered that the 24-year-old driver was carrying 21 credit cards not in his
name and printouts of eight passport applications -- and that four of the names
on the passport applications matched the names on four of the credit cards,
according to documents filed in <A
href="http://www.washingtonpost.com/ac2/related/topic/U.S.+District+Court?tid=informline"
target="">U.S. District Court</A>.</P>
<P>Upon his arrest, the driver, Lieutenant Q. Harris Jr., told police that he
worked with a co-conspirator who was employed by the State Department and
another co-conspirator who worked for the <A
href="http://www.washingtonpost.com/ac2/related/topic/U.S.+Postal+Service?tid=informline"
target="">U.S. Postal Service</A>, court documents said. Officers on the scene
called <A
href="http://www.washingtonpost.com/ac2/related/topic/American+Express+Company?tid=informline"
target="">American Express</A> about some of the cards in Harris's possession,
and were told that they had recently been used and that a fraud alert had been
placed on them.</P>
<P>But the investigation was hampered because Harris was fatally shot while
getting into his car in Northeast Washington on April 17, just days after
appearing in court on fraud charges and shortly after he agreed to cooperate in
the probe.</P>
<P>Florence Fultz, the acting managing director of the State Department's
Passport Services division, urged applicants whose passport files had been
breached to "thoroughly review bank and credit card statements and obtain a copy
of your personal credit card history," according to a copy of the letter that
was sent out this month. The letter informed recipients that the State
Department would provide free credit monitoring for a year and would reimburse
out-of-pocket expenses and lost wages resulting from identity theft. The
applicant's passport record would be flagged to issue an alert if another
application is made, the letter said.</P>
<P>The criminal investigation has not been completed, but the scam is one more
black eye for State's passport division. Last year, the department greatly
underestimated the number of passport applications it would receive and fell
behind in processing them, resulting in ruined vacation plans for many
Americans. Then, this year, it was discovered that workers repeatedly snooped
without authorization inside the electronic passport records of entertainers,
athletes and other high-profile Americans -- including Sens. <A
href="http://www.washingtonpost.com/ac2/related/topic/Hillary+Clinton?tid=informline"
target="">Hillary Rodham Clinton (D-N.Y.)</A>, <A
href="http://www.washingtonpost.com/ac2/related/topic/John+McCain?tid=informline"
target="">John McCain</A> (R-Ariz.) and <A
href="http://www.washingtonpost.com/ac2/related/topic/Barack+Obama?tid=informline"
target="">Barack Obama</A> (D-Ill.).</P>
<P>The 192 million passport files maintained by the State Department contain
individuals' passport applications, which include Social Security numbers,
physical descriptions, and names and places of birth of the applicants' parents
-- information that is often requested by credit card companies when they
activate cards sent through the mail. The files do not contain records of
overseas travel or visa stamps from previous passports.</P>
<P>In July, the State Department's inspector general documented a widespread
lack of controls on the personal data of the 127 million Americans who hold
passports, finding "a general lack of policies, procedures, guidance and
training."</P>
<P>Fultz, in the letter, said: "We are thoroughly examining every aspect of our
information security systems and procedures to safeguard against unauthorized
access of passport records."</P>
<P>The State Department refused to allow any officials to discuss the case on
the record, saying it is still under investigation. But in a written statement
provided on the condition of anonymity, a spokesman said the department has
"undertaken a number of immediate and long-term measures to significantly
improve the protection of personally identifiable information to include
mandatory audits, an enhanced monitoring list, improved training and a revamped
reporting system. In addition, we have formed a working group to develop
long-term systems solutions to improve the security of these records such as a
tiered access system to all passport records."</P>
<P>In another statement, the department said that a single State employee was
allegedly involved in the fraud and that so far 400 individuals had been
identified "whose records may have been accessed by the suspect for illicit
purposes." But, the statement added, "to the best of our knowledge, most of
these individuals have not experienced identify theft."</P>
<P>Officials declined to say how much money was stolen or how many people were
involved in the scheme.</P></FONT></DIV></FONT></DIV></BODY></HTML>