San Ysidro Port of Entry Vehicles cross the border at the San Ysidro Port of Entry. (Donna Burton/CBP)

CBP Breach: Subcontractor Network Wrongly Holding Biometric Data Gets Hacked

Customs and Border Protection said today that images of travelers and vehicles collected at unspecified locations and illicitly transferred to a subcontractor’s network were stolen in a data breach.

CBP did not elaborate on the extent of the breach, but said that “as of today, none of the image data has been identified on the Dark Web or internet” and “no CBP systems were compromised.”

In a statement, the agency said it learned May 31 that “a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network.”

“The subcontractor’s network was subsequently compromised by a malicious cyber-attack,” CBP continued. “Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract.”

Members of Congress have been alerted, and CBP said it is “working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident.”

“CBP will unwaveringly work with all partners to determine the extent of the breach and the appropriate response,” the statement continued. “CBP has removed from service all equipment related to the breach and is closely monitoring all CBP work by the subcontractor. CBP requires that all contractors and service providers maintain appropriate data integrity and cybersecurity controls and follow all incident response notification and remediation procedures. CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors to do the same.”

CBP did not name the subcontractor, but the Washington Post said their reporters received a Word copy of the CBP statement on the data breach that used the title “CBP Perceptics Public Statement.” CBP spokeswoman Jackie Wren said she was “unable to confirm” whether Perceptics, which provides license plate readers at all land border crossings in the U.S., was the company involved.

In May, UK IT site The Register reported that Tennessee-based Perceptics was hacked and 65,000 of its files were available for free download on the dark web. The company confirmed to The Register at the time, the site said, that its network had been compromised but declined to elaborate.

House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) said he plans to hold hearings next month on the Department of Homeland Security’s use of biometric information.

“We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public,” Thompson said.

CBP, Others Snatching Up ‘More Powerful Biometrics in Smaller and Smaller Packages’ for Quick, Mobile ID

Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a senior fellow specializing in terrorism analysis at the Haym Salomon Center. She is a Senior Risk Analyst for Gate 15, a private investigator and a security consultant. She is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera and SiriusXM.

Leave a Reply

Latest from Biometrics & ID Management

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security