Photos of tourists entering United States stolen in cyber attack, border agency says

Cheryl Sanders
June 11, 2019

US Customs and Border Protection announced Monday photos of travelers and license plates were recently compromised in a data breach.

The agency sought to cast blame on the subcontractor, saying the unnamed firm violated CBP policies when it "transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network".

CBP said it first learned of the data breach in May.

A CBP spokesperson declined to comment on the number of people affected and the kind of information compromised, though a government official told the New York Times no more than 100,000 people had their data stolen.

The agency keeps a database of photographs of people as they travel into and out of the United States.

None of the images have been identified on the internet or on the dark web, CBP said in an emailed statement Monday.

"CBP will unwaveringly work with all partners to determine the extent of the breach and the appropriate response", the statement said, adding that no CBP systems were compromised.

The CBP makes extensive use of cameras and video recordings at airports and land border crossings, where images of vehicles are captured.

The Washington Post first reported on the data breach.

That information dump, which encompassed hundreds of gigabytes of data, included internal emails and databases, documentation and client details, blueprints, backups, music, and more.

The agency didn't name the contractor by name, but The Register reported on May 24 that a hacker named "Boris Bullet-Dodger" breached Perceptics, a company that provides license plate reader technology for the US-Mexico border, and then published the information online.

In May, a similar cyberattack was carried out against US-based Perceptics, a company that offered license-plate recognition software to government agencies such as the US Immigration and Customs Enforcement (ICE).

The U.K. computer security website The Register, which said the hacker responsible alerted it to the breach in late May, identified the company as Perceptics.

"We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public", he said in a statement.

The agency maintains a database including passport and visa photos that is used at airports as part of an agency facial-recognition program.

Rep. Bennie Thompson, D-Miss., chairman of the House Homeland Security Committee, said he meant to hold hearings next month on the Homeland Security Department's use of biometric information. "Unfortunately, this is the second major privacy breach at DHS this year", Thompson said, referring to a separate breach in which more than 2 million USA disaster survivors had their information revealed by the Federal Emergency Management Agency.

Other reports by iNewsToday