Skip to content ↓ | Skip to navigation ↓

Security experts have discovered vulnerabilities in a database where the U.S. State Department stores visa information.

Reuters writes that the State Department first learned of the security flaws following an internal review of its computer systems several months ago.

visa passport

In a report, security experts warned the department that its Consular Consolidated Database (CCD) was at risk of being compromised. That database contains current and archived visa records, which consist of personally identifiable information including names, addresses, photos, biometric data, and identification numbers from the Bureau of Consular Affairs.

The CCD is essential for the U.S. government’s ability to process passport applications.

An official familiar with the review told ABC News that the State Department has already implemented a “coordinated mitigation plan” that has remediated all of the vulnerabilities, which were attributed to the department’s use of several legacy systems.

“[We] view this issue in the lowest threat category,” the official said.

Even so, some government sources have expressed their doubts as to whether all of the vulnerabilities identified in the review have indeed been fixed.

“Vulnerabilities have not all been fixed,” and “there is no defined timeline for closing [them] out,” said one congressional source informed of the matter.

Another source warned that officials with the State Department waited several months before they started to address some of the key issues highlighted in the internal review.

At this time, there is no evidence that a breach of the database has occurred.

ABC News reached out to the State Department for comment, but no official has confirmed whether all of the vulnerabilities discovered in the review have been patched or whether the department is still working on patching the security issues.

News of these vulnerabilities follow more than a year after the State Department temporarily shut down its unclassified email system following a suspected hack.