Subcontractor data breach exposes travelers' U.S. Customs photos
A U.S. Customs and Border Protection subcontractor suffered a breach after it had improperly transferred images of license plates and traveler photos to its own network, CBP confirmed Monday.
The latest: In an update around 5 hours after news of the breach broke, Customs and Border Protection narrowed the scope of which documents they believe were accessed by the hackers.
- The latest reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border port of entry over a 1.5 month period. No other identifying information was included with the images, a CBP spokesperson said via email.
- The spokesperson added: "No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”
The contractor was not identified by CBP.
- CBP claimed in their initial release that the copied data has not appeared in criminal marketplaces known to traffic in stolen personal information.
- However, the Washington Post reports it received a CBP statement with a header reading "CBP Perceptics Public Statement" — Perceptrics being the name of a company that makes license plate readers.
- The technology site The Register recently reported Perceptrics had been breached, with 65,000 files posted for free download.
- CBP became aware that data had been copied on May 31.
What happens next: The agency "has removed from service all equipment related to the breach and is closely monitoring all CBP work by the subcontractor," according the CBP representative.
Editor's note: This story has been updated with additional detail.