Listen Live
    A pilot program by US Department of Homeland Security which uses facial recognition technology to detect immigration violators at points of entry has privacy advocates concerned.

    Traveler, License Plate Photos Stolen in US Customs & Border Protection Breach

    © Flickr/ Colm MacCárthaigh
    US
    Get short URL
    0 51

    The cybersecurity of US government agencies remains questionable as yet another attack was carried out against a subcontractor under the US Customs and Border Protection (CBP), resulting in the loss of traveler and license plate photos stored in the company’s database, according to a Monday statement from the agency.

    The unauthorized copying of a database containing identification images and license plate images of American citizens by the subcontractor onto its own server and the subsequent hacking of that server was only announced by the CBP on Monday, well over a week after the law enforcement agency was notified of the data breach.

    The images, which were compiled on a government database for use in airport facial recognition software, were obtained by hackers on May 31. The agency revealed it has since alerted members of the US Congress and also claimed the photos obtained have not yet appeared on the Dark Web.

    "In violation of CBP policies and without CBP's authorization or knowledge, [a subcontractor] transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network," CBP announced. "The subcontractor's network was subsequently compromised by a malicious cyberattack."

    The statement highlights that “no CBP systems were compromised,” meaning it was only the subcontractor whose security was breached.

    “Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” further notes CBP.

    In May, a similar cyberattack was carried out against US-based Perceptics, a company that offered license-plate recognition software to government agencies such as the US Immigration and Customs Enforcement (ICE). The data breach resulted in the loss of hundreds of gigabytes of data that was later published online by the hacker.

    The subcontractor’s name has yet to be released, but rather than announcing their departure from the anonymous company who violated their contract, CBP said it would be “closely monitoring all CBP work by the subcontractor.”

    "This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices,” American Civil Liberties Union senior legislative counsel Neema Singh Guliani told CNet Monday, adding that “the best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place."

    Just last week, members of Congress grew skeptical of the FBI’s ability to implement “adequate privacy and accuracy guardrails” for US citizens after Government Accountability Office (GAO) representative Gretta Goodwin revealed the bureau’s available database contained some “640 million photos” of Americans nationwide.

    As a result, Republican Reps. Jim Jordan and Mark Meadows openly expressed their concerns about the push for facial recognition software, with Meadows suggesting a pause on the tech’s implementation “until we make sure that isn’t not violating our Fourth Amendment rights and civil liberties.”

    CBP’s statement’s conclusion claims all equipment related to breach has been “removed from service.” The agency also claimed an investigation has been launched with the help of additional law enforcement, cybersecurity experts and CBP’s own Office of Professional Responsibility.

    Related:

    Indian Police Confirm Hack Attack on its Site by Pro-Daesh Group
    Mueller Uses ‘Qualifying,’ ‘Sneaky’ Language to Allege Russia Behind DNC Hack
    Despite Years of Warnings, FBI Hasn’t Adopted Facial Recognition Safeguards
    San Francisco Passes First Municipal Facial Recognition Tech Ban in US
    Meghan and Prince Harry's Private Wedding Photos Hacked, Leaked Online – Reports
    Tags:
    Government Contractor, contractor, personal data breach, data breach, cybersecurity, cyberattack, cybercrime, hack, US Customs and Border Protection (CBP)
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik