CBP says photos of U.S. travelers, license plate images were stolen in data breach

[Richard Forno <rforno () infowarrior org>]

CBP says photos of U.S. travelers, license plate images were stolen in data breach

By Emily Birnbaum - 06/10/19 04:40 PM EDT 8

https://thehill.com/policy/technology/447778-cbp-says-photos-of-us-travelers-license-plate-images-were-stolen-in-data

Photos of U.S travelers and license plate images were recently stolen from a database maintained by Customs and Border 
Protection (CBP), the agency confirmed on Monday. 

In a statement to The Hill, a CBP spokesperson said it learned on May 21 that a "subcontractor ... had transferred 
copies of license plate images and traveler images collected by CBP to the subcontractor's company network." 

"The subcontractor’s network was subsequently compromised by a malicious cyber-attack," the spokesperson said.

The spokesperson added the subcontractor had transferred the photos to its own network "in violation of CBP policies 
and without CBP’s authorization or knowledge." 

The federal law enforcement agency maintains an expansive photo database that includes photos of people traveling into 
and out of the country. CBP, which is part of the Department of Homeland Security (DHS), has not named the 
subcontractor involved in the data breach.

"As of today, none of the image data has been identified on the Dark Web or internet," the border agency said in a 
statement. "CBP has alerted Members of Congress and is working closely with other law enforcement agencies and 
cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident." 

It is unclear what photos were taken, and if they are related to the database of visa and passport photos the CBP 
maintains in order to assist with its facial recognition technology program expanding to airports across the U.S.

The agency spokesperson declined to share further information on the extent of the breach, saying in an email 
responding to a list of questions, "I don’t have any additional information to share at this time."

Perceptics, a company that sells license plate reader technology to the U.S. government, confirmed in May that it had 
been hacked. The admission came after hackers posted the internal data of the company to the dark web, according to an 
article from tech outlet Motherboard.

“We are aware of the breach and have notified our customers. We can’t comment any further because it is an ongoing 
legal investigation,” Casey Self, director of marketing for Perceptics, said in a statement to Motherboard at the time.

The company contracts with the U.S. government to sell license plate readers, driver cameras, and under-vehicle cameras 
to place at borders between the U.S., Canada and Mexico. 

Perceptics did not immediately respond to The Hill's request for comment. 
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange