The United States Customs and Border Protection states that photos and other personal information of travellers leaked in May. The CBP reports that it learned of the breach on May 31, 2019.
Following this, CNET notes that the U.S. Customs and Border Protection alerted the Congress. CNN also notes that the agency is communicating with law enforcement and cybersecurity groups following the data privacy breach. CBP remains alert in working with the authorities to clarify the magnitude of the breach.
CNET also maintains that CBP has removed all of the subcontractor’s equipment under its care. Affected individuals amount to less than 100,000.
How it Happened
A subcontractor “transferred copies of license plate images and traveller images collected by CBP to the subcontractor’s company network.” The subcontractor reportedly encountered a cyber attack, based on a report by CNN. Despite encountering the data breach, The Guardian states that the dark web contains no traces of the leaked personal data.
Based on the statement of CBP, the subcontractor “violated mandatory security and privacy protocols outlined in their contract,” conveys CNN.
While the federal government agency did not identify the subcontractor, Time’s account details the company goes by the name Perceptics. Based on the narrative, the hacker alerted The Register. The Register is a computer security website in the United Kingdom who identified the company, said Time.
Hailing from Farragut, Tennessee, Perceptics provides its services for vehicle inspection lanes and border ports of entry. Its services are also used in electronic toll collection, roadway monitoring informs Time.
The leaked photographs showed travellers coming and going to the United States. Apart from this, the photographs also leaked license plate information. However, the statement released by the U.S. Customs and Border Protection notes no compromised systems.
Following this security breach, numerous civil liberties groups and advocates expressed their alarm about the system. Most said that data retained by these agencies can be used for wrongful practices.
In a statement, Neema Singh Guliani, the American Civil Liberties Union senior legislative counsel voiced her sentiments. “This breach comes just as CBD seeks to expand its massive face recognition apparatus and collection of sensitive information.” Guliani also said, “this incident further underscores the need to put the brakes on these efforts.”
To protect data, Guliani states the best approach is “not to collect and retain such data in the first place.”