Photos of Travelers At US Border Compromised In Data Breach, Officials Say
Thousands of photos of travelers and their license plates were compromised at a point of entry on the U.S.-Canadian border in a “malicious cyberattack,” according to a U.S. Customs and Border Protection spokesperson.
The CBP learned on May 31st that a subcontractor they were working with transferred images of license plates and people crossing the border from CBP to their company network, violating CBP policies and contract, officials say.
“Initial reports” showed the compromised photos were only from one port of entry and nearly 100,000 people were affected by it. No other information was compromised and no CBP networks or databases were breached, the CBP spokesperson stated. (RELATED: WH Immigration Plan Will Focus On Border Security And Merit-Based Immigration)
Although the CBP official does not name the subcontractor, a statement sent to The Washington Post by CBP on Monday included the title “CBP Perceptics Public Statement” in a Microsoft Word document.
Perceptics is U.S. technology company that focuses on border security, electronic toll collection, commercial vehicle enforcement and highway and city security. Last month, the company had a major breach of data that got leaked onto the dark web, according to British technology news site The Register.
May 23: The Reg: Perceptics, a license-plate recognition tech vendor used by US border cops, was hacked https://t.co/FQeDEEWZ14
June 10: WaPo: “US Customs and Border Protection says photos of travelers … were recently taken in a data breach” – believed to be Perceptics
— The Register (@TheRegister) June 10, 2019
The CBP official, however, claims that none of the photos or data stolen are on the internet or dark web.
An unnamed U.S. official spoke to The Post telling them that the photos were taken from the U.S.-Canadian border and this hack was not by a foreign country.
Although CBP did not confirm Perceptics was the subcontractor, the U.S. official said Perceptics was attempting to match license plates with faces inside of the car and reprogram its algorithm, which they were not cleared to do.
CBP has been in contact with Congress and some of the members have voiced their concerns about the amount of personal information the agency is collecting.
“Anyone whose information was compromised should be notified by Customs, and the government needs to explain exactly how it intends to prevent this kind of breach from happening in the future,” Democratic Oregon Sen. Ron Wyden said in a statement to The Post. “These vast troves of Americans’ personal information are a ripe target for attackers.”
This hack happened as CBP was planning to “expand its massive face recognition apparatus” and collect more information on individuals traveling along the border, Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union told The Post.
“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place,” Guliani concluded. (RELATED: Congress Slips CLOUD Act Into Lengthy Omnibus Spending Bill, Granting Authorities Even More Surveillance Power)
CBP is working with other law enforcement agencies, cybersecurity firms, and the agency’s Office of Professional Responsibility to investigate and monitor any leaked information from the hack.