Cyber security experts have found vulnerabilities in a U.S. State Department system that could have allowed hackers to alter visa applications or steal data from the more than a half-billion records on file, ABC News reported, citing sources familiar with the matter.

The department learned after an internal review several months ago that its Consular Consolidated Database (CCD) was at risk of being compromised, though no breach had been detected, the report said.

The CCD holds current and archived visa records and data, including names, photos, addresses, biometric data and identification numbers from the Bureau of Consular Affairs and is key to processing passport applications for visa applicants and travelers.

There was no evidence that a cyber security incident had occurred pertaining to the CCD, a State Department spokesperson said in an emailed statement.

The vulnerabilities stemmed from aging "legacy" computer systems that comprise the CCD, the ABC News report said.

An official associated with the department's efforts to address the security concerns said a mitigation plan had already fixed the visa-related vulnerabilities, and further steps were being taken, ABC News said.

However, the report said other government sources were skeptical that the CCD's security vulnerabilities had all been resolved, and there was no defined timeline for fixing them.