Yesterday, the U.S. Customs and Border Protection(CBP) revealed a data breach occurrence exposing the photos of travelers and vehicles traveling in and out of the United States. CBP first learned of the attack on May 31 and said that none of the image data had been identified “on the Dark Web or Internet”.
According to a CBP spokesperson, one of its subcontractors transferred images of travelers and license plate photos collected by the agency to its internal networks, which were then compromised by the attack. The agency declined to name the subcontractor that was compromised. They also said that its own systems had not been compromised.
“A spokesperson for the agency later said the security incident affected “fewer than 100,000 people” through a “few specific lanes at a single land border” over a period of a month and a half”, according to TechCrunch.
— AJ Vicens (@AJVicens) June 10, 2019
“No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved,” the spokesperson said.
According to The Register’s report released last month, a huge amount of internal files were breached from the firm Perceptics and were being offered for free on the dark web to download. The company’s license plate readers are deployed at various checkpoints along the U.S.-Mexico border.
— Joseph Cox (@josephfcox) June 10, 2019
Now, according to the Washington Post, “in the Microsoft Word document of CBP’s public statement, sent Monday to Washington Post reporters, included the name “Perceptics” in the title: CBP Perceptics Public Statement”.
“Perceptics representatives did not immediately respond to requests for comment. CBP spokeswoman Jackie Wren said she was “unable to confirm” if Perceptics was the source of the breach.”, the Washington post further added.
In a statement to The Post, Sen. Ron Wyden (D-Ore.) said, “If the government collects sensitive information about Americans, it is responsible for protecting it — and that’s just as true if it contracts with a private company.”
“Anyone whose information was compromised should be notified by Customs, and the government needs to explain exactly how it intends to prevent this kind of breach from happening in the future”, he further added.
ACLU senior legislative counsel, Neema Singh Guliani said that the breach “further underscores the need to put the brakes” on the government’s facial recognition efforts. “The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place,” she said.