Slashdot Mirror


Uncle Sam's Travel Site Grounded By Breach

McGruber writes "Northrop Grumman's Govtrip.com website has been shut down following a security breach, according to a report by 'Security Fix' blogger Brian Krebs. Being a federal employee and frequent work traveler, I am (was?) a Govtrip user. My agency required me to use Govtrip to book all of my trips, including my airfare, car rentals, and hotel reservations, so Northrop Grumman's Govtrip databases contain my frequent flier numbers, Avis & Budget car rental numbers and frequent hotel guest (Choice Privileges, Marriott Rewards, Priority Club, etc.) numbers. Northrop Grumman also stored all of my trip itineraries, including destinations, dates & modes of travel and the particular vendors (airline, hotel, rental car brand, etc.) used on a particular trip. Also stored on the website were my work travel credit-card (it has a $15,000 charge limit), personal checking account where my travel reimbursements were deposited, my home address, and emergency contacts ... just imagine what an accomplished social engineer can do with that combination of information!"

2 of 67 comments

  1. Accounts need 2 access no's: In & Out #'s by ivi · Score: 4, Interesting

    If having another's check book account number means that one can withdraw from it, here's an easy fix:

    Each account gets (at least) 2 numbers:

    1. to deposit INTO it,
    2. another to write cheques to get $$$ OUT of it, &
    3. maybe a 3rd to let vendors & banks (with a cheque in-hand) check that the balance covers the cheque.

    It would - with that structure - not matter that this web site's security is breached (at least for -that- particular account).

  2. Re:Governments... by Curunir_wolf · Score: 4, Interesting

    They are also the company that is basically taking over all of the IT functions for the Commonwealth of Virginia. It's working about as smoothly as you would expect.

    I'm sure once all the agencies have turned over all their equipment, applications, and network services to Northrop-Grumman to be run from their new high-efficiency data center, that IT service will improve, security will be rock-solid, and costs will drop like a stone.

    --
    "Somebody has to do something. It's just incredibly pathetic it has to be us."
    --- Jerry Garcia