A subcontractor at the Customs and Border Protection (CBP) agency was victim of a data breach, officials stated Monday. Over ten thousand images of license plates and travelers were stolen in this attack. Anonymous CBP officials are calling this a ‘major incident’. This incident raises questions about American’s privacy and rights.
In a statement the agency said:
“CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network”
The name is the subcontractor has not been revealed by the CBP. However, a public statement sent to Washington Post by the agency suggests that the subcontractor works for the vendor Perceptics. Additionally, this company makes license plate readers for CBP. These readers are used to match license plate numbers with the faces of individuals inside the vehicles.
Moreover, the same company was attacked this year, when the hacker ‘Boris Bullet-Dodger’ posted stolen data from Perceptics on the dark web last month.
Further, an anonymous CBP official has confirmed that affected individuals included those who had crossed the Canadian border. Additionally, no CBP systems were affected in this attack, however, the vendor was compromised.
This breach raises alarms about privacy concerns and the affect of surveillance to basic rights of Americans. Senator, Ron Wyden told Washington Post:
“If the government collects sensitive information about Americans, it is responsible for protecting it — and that’s just as true if it contracts with a private company… Anyone whose information was compromised should be notified by Customs, and the government needs to explain exactly how it intends to prevent this kind of breach from happening in the future.”
Other advocates have said that breach indicates that the government’s database has becoming a target for malicious individuals. It is important the government begin focus on ensuring that surveillance and biometric information collected does not compromise the privacy of Americans.
Contact LIFARS immediately if your organization has experienced a data breach.