Customs and Border Protection (CBP) revealed that photos of travelers and license plates collected at a single U.S. border point have been stolen as a result of a cyber attack.
The Customs and Border Protection agency did not reveal the name of the company that was involved in the incident. According to media outlets, hackers broke into the computer network of an unnamed subcontractor, many experts believe the incident could be linked to the hack of Perceptics.
At the end of May the company Perceptics, a leader in license plate readers (LPRs), license plate recognition systems and vehicle identification products, announced to have suffered a security breach. The attackers stole data and offered business plans, financial documents, and personal information for free on the dark web.
LPRs manufactured by Perceptics are installed at all land border crossing lanes for privately owned vehicle traffic (POV) in the United States, Canada, and for the most critical lanes in Mexico.
A Customs spokesman revealed that fewer than 100,000 people have been impacted, hackers accessed to photos of travelers in vehicles entering and exiting the United States at a single land-border port of entry over one and a half months.
CBP said that stolen data are not available online or in the Dark Web.
“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” reads a statement published by the CBP.
Anyway the subcontractor was not authorized to transfer copies of the images to its infrastructure without CBP’s authorization.
The Customs and Border Protection learned of the security breach on May 31, 2019, it pointed out that hackers did not compromise its network.
“The chairman of the House Homeland Security Committee, Rep. Bennie Thompson of Mississippi, noted with alarm that this is the “second major privacy breach at DHS this year.”” reported the AP.
“We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public,” he said in a statement.
(SecurityAffairs – CBP, hacking)