- Sputnik International
World
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

Traveler, License Plate Photos Stolen in US Customs & Border Protection Breach

© Flickr / Colm MacCárthaighA pilot program by US Department of Homeland Security which uses facial recognition technology to detect immigration violators at points of entry has privacy advocates concerned.
A pilot program by US Department of Homeland Security which uses facial recognition technology to detect immigration violators at points of entry has privacy advocates concerned. - Sputnik International
Subscribe
The cybersecurity of US government agencies remains questionable as yet another attack was carried out against a subcontractor under the US Customs and Border Protection (CBP), resulting in the loss of traveler and license plate photos stored in the company’s database, according to a Monday statement from the agency.

The unauthorized copying of a database containing identification images and license plate images of American citizens by the subcontractor onto its own server and the subsequent hacking of that server was only announced by the CBP on Monday, well over a week after the law enforcement agency was notified of the data breach.

The images, which were compiled on a government database for use in airport facial recognition software, were obtained by hackers on May 31. The agency revealed it has since alerted members of the US Congress and also claimed the photos obtained have not yet appeared on the Dark Web.

"In violation of CBP policies and without CBP's authorization or knowledge, [a subcontractor] transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network," CBP announced. "The subcontractor's network was subsequently compromised by a malicious cyberattack."

Migrants reportedly attempting to storm U.S.-Mexico border - Sputnik International
US Apprehended 130,000 Migrants at Southwest Border With Mexico in May - CBP

The statement highlights that “no CBP systems were compromised,” meaning it was only the subcontractor whose security was breached.

“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” further notes CBP.

In May, a similar cyberattack was carried out against US-based Perceptics, a company that offered license-plate recognition software to government agencies such as the US Immigration and Customs Enforcement (ICE). The data breach resulted in the loss of hundreds of gigabytes of data that was later published online by the hacker.

White House in Washington, DC - Sputnik International
US Running Tests to See if 2020 Elections Could Be Hacked - White House

The subcontractor’s name has yet to be released, but rather than announcing their departure from the anonymous company who violated their contract, CBP said it would be “closely monitoring all CBP work by the subcontractor.”

"This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices,” American Civil Liberties Union senior legislative counsel Neema Singh Guliani told CNet Monday, adding that “the best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place."

Just last week, members of Congress grew skeptical of the FBI’s ability to implement “adequate privacy and accuracy guardrails” for US citizens after Government Accountability Office (GAO) representative Gretta Goodwin revealed the bureau’s available database contained some “640 million photos” of Americans nationwide.

Central American migrants turn themselves in to U.S. Border Patrol as they seek asylum after illegally crossing the Rio Grande near Penitas, Texas, U.S., April 6, 2019 - Sputnik International
ICE Officials Warn of ‘Unprecedented Level of Child Endangerment’ at US Border

As a result, Republican Reps. Jim Jordan and Mark Meadows openly expressed their concerns about the push for facial recognition software, with Meadows suggesting a pause on the tech’s implementation “until we make sure that isn’t not violating our Fourth Amendment rights and civil liberties.”

CBP’s statement’s conclusion claims all equipment related to breach has been “removed from service.” The agency also claimed an investigation has been launched with the help of additional law enforcement, cybersecurity experts and CBP’s own Office of Professional Responsibility.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала