Tens of thousands of images of travellers and vehicle license plates stored by the Customs and Border Protection agency in the United States have been stolen in a digital breach, prompting renewed questions about how the federal government secures and shares personal data.
An official at the agency said that it learned on May 31, that a federal subcontractor had transferred copies of the images to the subcontractor’s network. According to the agency, this was done without its knowledge and in violation of the contract. The subcontractor’s network was then hacked.
The hacked material did not include images from airports, but rather of drivers in their cars and license plates of vehicles crossing through one port of entry over a six-week period. One United States government official said no more than 100,000 people had their information compromised by the attack.
If that number is correct, it would be far smaller than a 2014 breach at the Office of Personnel Management, which lost roughly 22 million security clearance files for government officials and contractors. In that case, China was later identified as the nation that had pulled off what remains the largest known theft of US government data.
“As of today, none of the image data has been identified on the dark web or internet,” the Customs and Border Protection agency stated.
The customs and border agency is part of the Homeland Security Department, which has primary responsibility for cyber security inside the United States.
According to the New York Times, “imagery of travellers arriving in the United States would be of little value to thieves. But it might be useful to foreign governments interested in tracking Americans, or in the agency’s procedures.”
A government official has identified the subcontractor as Perceptics, a Tennessee-based company that makes license plate readers and provides the US government with other border security services. Perceptics was reported last month to have been hacked. It is not clear whether the breach reported by the government on Monday was the same incident.
The hacking of photos and license plate information comes as Customs and Border Protection has been widening its surveillance of both United States residents and visitors.
The full New York Times report is available via the link (subscription may be required).