[BreachExchange] CBP says photos of U.S. travelers, license plate images were stolen in data breach

Mon Jun 10 17:19:50 EDT 2019

CBP says photos of U.S. travelers, license plate images were stolen in data breach

By Emily Birnbaum - 06/10/19 04:40 PM EDT 8

https://thehill.com/policy/technology/447778-cbp-says-photos-of-us-travelers-license-plate-images-were-stolen-in-data

Photos of U.S travelers and license plate images were recently stolen from a database maintained by Customs and Border Protection (CBP), the agency confirmed on Monday. 

In a statement to The Hill, a CBP spokesperson said it learned on May 21 that a "subcontractor ... had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network." 

"The subcontractor’s network was subsequently compromised by a malicious cyber-attack," the spokesperson said.

The spokesperson added the subcontractor had transferred the photos to its own network "in violation of CBP policies and without CBP’s authorization or knowledge." 

The federal law enforcement agency maintains an expansive photo database that includes photos of people traveling into and out of the country. CBP, which is part of the Department of Homeland Security (DHS), has not named the subcontractor involved in the data breach.

"As of today, none of the image data has been identified on the Dark Web or internet," the border agency said in a statement. "CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident." 

It is unclear what photos were taken, and if they are related to the database of visa and passport photos the CBP maintains in order to assist with its facial recognition technology program expanding to airports across the U.S.

The agency spokesperson declined to share further information on the extent of the breach, saying in an email responding to a list of questions, "I don’t have any additional information to share at this time."

Perceptics, a company that sells license plate reader technology to the U.S. government, confirmed in May that it had been hacked. The admission came after hackers posted the internal data of the company to the dark web, according to an article from tech outlet Motherboard.

“We are aware of the breach and have notified our customers. We can’t comment any further because it is an ongoing legal investigation,” Casey Self, director of marketing for Perceptics, said in a statement to Motherboard at the time.

The company contracts with the U.S. government to sell license plate readers, driver cameras, and under-vehicle cameras to place at borders between the U.S., Canada and Mexico. 

Perceptics did not immediately respond to The Hill's request for comment. 