Frank Bajak Associated Press
Published 10:49 PM EDT Jun 10, 2019
Customs and Border Protection said Monday that photos of travelers and license plates collected at one U.S. border point have been exposed in a malicious cyberattack in what a leading congressman called a “major privacy breach.”
The federal agency did not name the subcontractor whose computer network was hacked but the announcement followed news that a Tennessee-based company that bills itself as the sole provider of stationary license plate readers at U.S. borders had been compromised.
A Customs spokesman said initial reports indicated that the images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land-border port of entry over 1 1/2 months. No other identifying information was included with the images.
It was not clear how many of those affected were U.S. citizens.
The U.K. computer security website The Register, which said the hacker responsible alerted it to the breach in late May, identified the company as Perceptics. A spokesman for the company did not immediately respond to an email from The Associated Press seeking comment.
More: 10 Most Counterfeited Products in America
CBP said none of the data had surfaced on the internet or Dark Web. The Register said the hacker provided it with a list of files exfiltrated from the Perceptics corporate network and said a company spokesperson had confirmed the hack.
“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” CBP said in a statement.
The agency said it learned of the data breach May 31. It said the subcontractor had transferred copies of the images to its company network in violation of government policies and without the agency’s authorization.
No Customs networks or databases were breached, the agency spokesman said.
The chairman of the House Homeland Security Committee, Rep. Bennie Thompson of Mississippi, noted with alarm that this is the “second major privacy breach at DHS this year.”
“We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public,” he said in a statement.
In March, the Homeland Security Department’s inspector general announced that another of its subdivisions, the Federal Emergency Management Agency, had wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing those affected to identity fraud and theft.
Perceptics, of Farragut, Tennessee, bills itself as the sole provider of license-plate readers “for passenger vehicle primary inspection lanes at all land border ports of entry in the United States, Canada and at the most critical lanes in Mexico.”
It says it has secured “thousands of border checkpoints” and says its products automate over 200 hundred million vehicle inspections annually.
Perceptics technology is also used in electronic toll collection and roadway monitoring.
- Border Protection lends a hand for Super Bowl security
- U.S. Homeland Security agents training Guatemalan border guards say locals officials don't know their own immigration laws, weapons handling or how to interrogate undocumented immigrants
- Rich Franklin says he was handcuffed and detained at LAX in case of mistaken identity
- AOC Slams 'Manufactured' Cruelty at US Southern Border in Testimony Before House Panel
- California wildfires: Eight images that reveal scale of devastation
- Current F1 teams in discussion with Mercedes to become customer cars
- PG&E asks customers infuriated by three planned power shut offs this week not to SHOOT at their employees
- Protection of Hue’s colonial buildings lands in controversy
- Egypt plane crash likely to have been caused by bomb, says David Cameron
- Irish minister says Boris Johnson's Brexit stance 'quite alarming'