Navigation
Download the AMN app for your mobile device today - FREE!
  •  

Thousands of CBP database traveler photos and license plates leaked in cyberattack

U.S. Customs and Border Protection personnel along with DOD personnel secure the San Ysidro Port of Entry against attempts to illegally enter the United States from Mexico. (Mani Albrecht/U.S. Customs and Border Protection Office of Public Affairs Visual Communications Division)
June 13, 2019
135 Shares

Tens of thousands of photos bearing the faces of travelers and license plates were leaked in a cyberattack in late May.

The Customs and Border Protection (CBP) described the incident as a “malicious cyber-attack” that took place after the photos were transferred to the network of an unnamed subcontractor, a process unbeknownst to CBP, according to a CBP statement reported by BuzzFeed News on Monday.

A total number of compromised photos was not released.

“On May 31, 2019, CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised,” the statement said.

. ADVERTISEMENT .

A preliminary investigation revealed “the subcontractor violated mandatory security and privacy protocols outlined in their contract,” CBP noted in the statement.

CBP said it has been in communication with Congress, and law enforcement and cybersecurity agencies to investigate the cyberattack. “CBP will unwaveringly work with all partners to determine the extent of the breach and the appropriate response,” the agency promised.

The hacked photos have not appeared online or on the dark web so far, the CBP said.

“CBP has removed from service all equipment related to the breach and is closely monitoring all CBP work by the subcontractor,” the agency said in the statement.

The photos were captured by the CBP during a six-week-long project at a single port of entry where less than 100,000 vehicle travelers passing in and out of the U.S. were photographed.

The process is part of the “biometric entry-exit system” that the agency is rolling out in an aim to capture the photos of every American and international airport traveler and apply facial recognition technology.

The project will be implemented in the top 20 airports in the U.S. by 2021.

ADVERTISEMENT

It has drawn criticism from civil rights advocates who say the project is a violation of privacy.

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place,” Neema Singh Guliani, a lawyer for the American Civil Liberties Union, said in a statement reported by BuzzFeed.

“Government use of biometric and personal identifiable information can be valuable tools only if utilized properly. Unfortunately, this is the second major privacy breach at DHS this year,” Rep. Bennie Thompson, chairman of the House Homeland Security Committee, told Buzzfeed.

“We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public,” he added.

135 Shares