Travellers crossing the United States-Mexico border have had their images stolen in a major hack to the US Customs and Border Patrol (CBP).
The images were captured over a six week period and we understand fewer than 100,000 people were affected by the incident. Data included photos of passengers inside their vehicles and the vehicle licence plates. A statement from CBP advised that images had not been shared on the dark web, contrary to earlier reports. No other identifiable information had been compromised such as passport data or travel documents.
The agency said that CBP’s systems were not affected and, the sub-contractor in breach, stored the images on their systems without consent. CBP commented that “Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract”.
The Register, a UK computer security website, identified the company as Perceptics after the hackers responsible alerted it to the breach in late May. Perceptics advertise as being “the sole provider of stationary licence plate readers installed at all land border crossing lanes for traffic in the United States, Canada and Mexico.” Contacted by telephone, a spokesperson for Perceptics confirmed that “the company was aware it had been compromised and they are working with authorities to investigate,” but would not provide further details.
As part of a widely growing facial-recognition programme, CBP use cameras at border crossings and airports to track people entering and leaving the United States. Although campaigners argue that surveillance systems harm our privacy, and increase the risks of identity theft, US law enforcement say that these systems enhance airport and border security, assisting in catching criminals.
The Washington Post spoke to Senator Ron Wyden who commented: “If the government collects sensitive information about Americans, it is responsible for protecting it – and that’s just as true if it contracts with a private company. Anyone whose information was compromised should be notified by customs, and the government needs to explain exactly how it intends to prevent this kind of breach from happening in the future.”
