Share

US Customs says traveler images exposed in cyberattack

Share

Customs and Border Protection said Monday that photos of travelers and license plates collected at a single U.S. border point have been exposed in a malicious cyberattack in what a leading congressman called a “major privacy breach.”

The federal agency did not name the subcontractor whose computer network was hacked, but the announcement followed news that a Tennessee-based company that bills itself as the sole provider of stationary license plate readers at U.S. borders had been compromised.

A Customs spokesman said initial reports indicated that the images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States at a single land-border port of entry over one and a half months.

Automated license-plate readers are used for “detecting, identifying, apprehending, and removing individuals illegally entering the United States at and between ports of entry or otherwise violating U.S. law,” the Department of Homeland Security says in a December 2017 privacy document . Recorded license plates are checked in real time against DHS databases to which 13 federal agencies have access.

The U.K. computer security website The Register, which said the hacker responsible alerted it to the breach in late May, identified the company as Perceptics. A spokesman for the company did not immediately respond to an email from The Associated Press seeking comment.

CBP said none of the data had surfaced on the internet or Dark Web. The Register said the hacker provided it with a list of files exfiltrated from the Perceptics corporate network and said a company spokesperson had confirmed the hack.

“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” CBP said in a statement.

The agency said it learned of the data breach May 31. It said the subcontractor had transferred copies of the images to its company network in violation of government policies and without the agency’s authorization.

No Customs networks or databases were breached, the agency spokesman said.

The chairman of the House Homeland Security Committee, Rep. Bennie Thompson of Mississippi, noted with alarm that this is the “second major privacy breach at DHS this year.”

“We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public,” he said in a statement.

In March, the Homeland Security Department’s inspector general announced that another of its subdivisions, the Federal Emergency Management Agency, had wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing those affected to identity fraud and theft.

Thompson said he planned hearings next month on the department’s use of biometric information, which is on the rise, affects millions and is occurring with little congressional oversight.

Perceptics, of Farragut, Tennessee, bills itself as the sole provider of license-plate readers “for passenger vehicle primary inspection lanes at all land border ports of entry in the United States, Canada and at the most critical lanes in Mexico.”

Related:
Police Detain Man in CEO Murder Case Thanks to Tip from Elderly McDonald's Customer

It says it has secured “thousands of border checkpoints” and says its products automate over 200 hundred million vehicle inspections annually.

Perceptic technology is also used in electronic toll collection and roadway monitoring.

Civil liberties groups including the ACLU and the Electronic Frontier Foundation have expressed alarm at the general lack of regulation of license plate-reading cameras and burgeoning databases maintained by government agencies including CBP, Immigration and Customs Enforcement and the FBI.

The critics say the technology has great potential to be abused for surveillance and location-tracking and there are limited restrictions on the dissemination of biometric data, including fingerprints and face scans. It is shared with state and local law enforcement and even foreign nations.

On June 1, the U.S. State Department began requiring nearly all applicants for U.S. visas to submit their social media usernames, previous email addresses and phone numbers.

__

Frank Bajak on Twitter: http://twitter.com/fbajak

__

Associated Press writer Colleen Long contributed to this report.

The Western Journal has not reviewed this Associated Press story prior to publication. Therefore, it may contain editorial bias or may in some other way not meet our normal editorial standards. It is provided to our readers as a service from The Western Journal.

Truth and Accuracy

Submit a Correction →



We are committed to truth and accuracy in all of our journalism. Read our editorial standards.

Tags:
Share
The Associated Press is an independent, not-for-profit news cooperative headquartered in New York City. Their teams in over 100 countries tell the world’s stories, from breaking news to investigative reporting. They provide content and services to help engage audiences worldwide, working with companies of all types, from broadcasters to brands. Photo credit: @AP on Twitter
The Associated Press was the first private sector organization in the U.S. to operate on a national scale. Over the past 170 years, they have been first to inform the world of many of history's most important moments, from the assassination of Abraham Lincoln and the bombing of Pearl Harbor to the fall of the Shah of Iran and the death of Pope John Paul.

Today, they operate in 263 locations in more than 100 countries relaying breaking news, covering war and conflict and producing enterprise reports that tell the world's stories.
Location
New York City




Advertise with The Western Journal and reach millions of highly engaged readers, while supporting our work. Advertise Today.

Conversation