The CBP Theft Is Exactly What Privacy Experts Said Would Happen

[InfoSec News <alerts () infosecnews org>]

https://www.defenseone.com/ideas/2019/06/cbp-theft-exactly-what-privacy-experts-said-would-happen/157626/

By Sidney Fussell
Staff Writer
The Atlantic
June 11, 2019

U.S. Customs and Border Protection announced yesterday afternoon that hackers 
had stolen an undisclosed number of license-plate images and travelers’ ID 
photos from a subcontractor. Privacy and security activists have long argued 
that as law enforcement vacuums up more data without legal limits, the damage 
of a possible breach scales up. The lack of restrictions on data collection is 
why, for many experts, this hack feels like an inevitability.

According to an emailed statement to journalists from CBP, an unnamed 
subcontractor transferred copies of license-plate images and travelers’ photos 
from federal servers to its own company network, without CBP’s authorization. 
Hackers then targeted and successfully breached the subcontractor’s network. 
CBP reports that its own servers were unharmed by any cyberattack.

CBP doesn’t name the subcontractor, but The Washington Post reports that when 
CBP officials emailed its public statement to reporters, the subject line read 
“CBP Perceptics Public Statement.” The Tennessee-based company Perceptics, 
which furnishes license-plate readers in 43 U.S. Border Patrol checkpoint lanes 
across Texas, New Mexico, and Arizona, confirmed a breach in late May. CBP 
hasn’t confirmed whether these incidents are the same attack, but both the U.K. 
outlet The Register and Vice reported finding scores of traveler data on the 
dark web in the hours after that breach, including financial information, 
photos, and location information.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_