A US Customs and Border Protection (CBP) suffered a data breach exposing tens of thousands of travelers’ photos and license plate information collected at the nation’s border coming in and out of the United States in a recent cyberattack. This malicious cyber-attack hit the database of CBP subcontractor which identifies traveler photos and license plate images without the federal agency’s authorization or knowledge.
A CBP spokesman said in a statement that the agency had learned that the subcontractor, in violation of security policies, had transferred copies of license-plate images and traveler images that had been collected by CBP, to its own network.The subcontractor’s network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised.
The stolen photos were coming from travelers in vehicles entering and leaving the US through specific lanes at a single Port of Entry over a month-and-a-half period. It was confirmed that any identifying information or travel document images from travelers were not compromised. Images of airline passengers from the air entry and exit process were also not involved.
As an initiative of the US government to bio-metrically verify the identities of all travelers crossing US borders, CBP is undergoing an ongoing rollout of biometric entry-exit system. This is where the cyberattack came into picture. As a result of the cyberattack, CBP is striving to implement the initiative with the goal of using facial recognition technology on 100 percent of all international passengers including American citizens.
According to a law enforcement official, fewer than 100,000 people had their information compromised by the attack. He added that the agency had removed from service all equipment related to the breach and was monitoring contract work by the subcontractor. The federal agency did not name the subcontractor whose computer network was hacked.
Last week, a group of privacy activists launched a new tool providing fraud protection from invasive facial recognition technologies at airports.They also want everyone to be watchful about the potential for data to be misused as law enforcement agencies have heightened the surveillance of license plate data, travelers’ social media accounts and other private information.
Dark web monitoring and website scanning has been done by the CBP and confirmed that none of the image data has been identified on the dark web or internet.