Protecting yourself

D.C. passport applicants at risk for identity theft

Tyler Metzger

About 400 D.C. residents were recently notified by the State Department that their passport applications were stolen by thieves seeking to use the sensitive information to commit credit card fraud.

According to the Washington Post, on March 25, D.C. police officers stopped a car on suspicion of “excessively tinted” windows, which is against the law there. The officers searched the car after they smelled marijuana and found 21 credit cards not in the driver’s name and printouts of eight passport applications. They later discovered that four of the credit cards matched the names of four of the passport applications.

The driver of the car, Lieutenant Q. Harris Jr., was arrested. He then told officers something big — his accomplices worked for the State Department and the U.S. Postal Service. It was an inside job.

Harris appeared in court on fraud charges and agreed to cooperate with police. But a month later, he was fatally shot while getting into his car. To date, the crime is still unsolved.

Harris and his posse were planning to use the passport applications, which include sensitive information such as Social Security numbers and places where applicants’ parents were born, to activate stolen credit cards they obtained in the mail.

The State Department sent letters to the people they believe were affected by the breach. The letter says the department will provide free credit monitoring for a year and will reimburse any expenses incurred due to the identity theft. It also asked passport applicants to review their bank and credit card statements and to check their credit card history.

A spokesman from the State Department, who asked to remain anonymous, told the Washington Post in a written statement that significant measures are being taken to improve information protection. Some of them include “mandatory audits, an enhanced monitoring list, improved training and a revamped reporting system.” The department says most individuals who had their applications stolen have not experienced identify theft.

The investigation is another example of trouble at the State’s passport division. In 2007, the department underestimated the amount of passport applications it would receive and how long it would take to process them, which resulted in many Americans not receiving their passports in time for their travels. Then, this March, it was revealed that workers snooped through the passport files of high profile Americans, including Hilary Clinton, Barack Obama and John McCain without permission.


Note: This post is featured in 178th Carnival of Personal Finance hosted by the Digerati Life. The carnival’s theme commemorates the works of Der Struwwelpeter, a German poet known for his bizzare collection of children’s stories. Eclectic and a little odd, this carnival is a great read.

See related: ID theft again tops FTC fraud complaint list, Is your credit card ripe for fraud?

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • What makes this breach especially troubling is that passport applicants have no choice in the information they provide to the State Department. Addresses, contact information and social security numbers are all conveniently included in the application, making it easy for the State Department employee to grab records and immediately turn these into credit card applications.
    The measures the department is now taking – permissions, auditing and monitoring – are some of the right measures to have taken *before* a breach occurred. Implementing them afterwards is simply too little, too late.
    It is too late, because these really ought to have been in place at the very highest level well before the breach occurred – we are not talking about new security technologies, here. The data are highly personal to the individuals concerned and are permanent. You cannot change your data of birth or Social Security number in the way that you can a password. They need and deserve to be fully protected.
    It is too little, because these measures, even upgraded, will not prevent insider breaches in the future. They will merely alert the IT team after a breach has occurred. The Department needs to implement a system that blocks any access attempt that is deemed suspicious. Having this type of system in place last March would have stopped the employee from downloading multiple applications while simultaneously alerting IT administrators that records were being compromised.
    The public’s data need and deserve to be treated with more respect.