Updated Jun 10, 2019

Subcontractor data breach exposes travelers' U.S. Customs photos

US Customs and Border Protection officer

Photo: Alex Edelman/Getty Images

A U.S. Customs and Border Protection subcontractor suffered a breach after it had improperly transferred images of license plates and traveler photos to its own network, CBP confirmed Monday.

The latest: In an update around 5 hours after news of the breach broke, Customs and Border Protection narrowed the scope of which documents they believe were accessed by the hackers.

  • The latest reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border port of entry over a 1.5 month period. No other identifying information was included with the images, a CBP spokesperson said via email.
  • The spokesperson added: "No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”

The contractor was not identified by CBP.

  • CBP claimed in their initial release that the copied data has not appeared in criminal marketplaces known to traffic in stolen personal information.
  • However, the Washington Post reports it received a CBP statement with a header reading "CBP Perceptics Public Statement" — Perceptrics being the name of a company that makes license plate readers.
  • The technology site The Register recently reported Perceptrics had been breached, with 65,000 files posted for free download.
  • CBP became aware that data had been copied on May 31.

What happens next: The agency "has removed from service all equipment related to the breach and is closely monitoring all CBP work by the subcontractor," according the CBP representative.

Editor's note: This story has been updated with additional detail.

Go deeper