Customs and Border Protection (CBP) discovered on May 31 that images of travelers and their license plates were obtained by hackers, the agency announced Monday.
“[A subcontractor] had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” CBP explained in a statement. “The subcontractor’s network was subsequently compromised by a malicious cyber-attack.”
The transfer of data to the subcontractor allegedly took place without CBP’s knowledge or permission. CBP made it clear that none of its own systems were compromised and is working with law enforcement and cybersecurity experts. CBP also stated that less than 100,000 travelers were affected.
As of Monday, the agency reported “none of the image data has been identified on the Dark Web or internet.”
Although CBP was unwilling to identify the contractor in question, the Washington Post reports the likely culprit was Perceptics, This breach coincides with a breach against the license plate reader manufacturer.
Government data breaches are hardly new — FEMA’s track record on data security is abysmal, for instance — but the CBP breach comes as government entities are increasing biometric data collection efforts including advanced facial recognition technology.
“This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers,” Neema Singh Guliani, a spokesperson for the American Civil Liberties Union, said in a statement. “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”
But CBP is nevertheless aggressively pursuing facial recognition technology, hoping to have it able to biometrically track 100% of international travel (including by American citizens) by 2021, according to reports.
“Government use of biometric and personal identifiable information can be valuable tools only if utilized properly. Unfortunately, this is the second major privacy breach at DHS this year,” said Rep. Bennie Thompson (D-Mississippi), chair of the House Homeland Security Committee. “We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public.”
CBP informed Congress of the leak Saturday.
Katelyn Kivel is a contributing editor and senior legal reporter for Grit Post in Kalamazoo, Michigan. Follow her on Twitter @KatelynKivel.