U.S. Customs and Border Protection Hit by "Malicious Cyberattack"
The US Customs and Border Protection agency has confirmed one of its subcontractors was hit by a “malicious cyberattack”. The data breach managed to obtain passenger photos and license plate details of passengers entering and exiting the US via an international airport.
The hack raises “concerns over how federal officials’ expanding surveillance efforts could imperil Americans’ privacy,” according to Drew Harwell and Geoffrey A. Fowler from the Sydney Morning Herald. It also calls into question the integrity of the systems utilised by government agencies, in which highly sensitive data is housed.
CBP officials have released a statement stating that “CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network.”
A Federal watchdog has previously criticised the accuracy of the system.
The subcontractor’s network was then attacked and breached. No CBP systems were compromised, the agency said.
“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” the statement continued.
The agency first became aware of the breach on May 31, according to the release. CBP did not confirm how many photos were accessed, if U.S. citizens were affected, nor name the subcontractor in question.
The US Customs and Border Protection agency processes the details and houses data from around one million travellers every day.
They did however confirm that “none of the image data has been identified on the Dark Web or internet.”
Democratic Senator Ron Wyden told The Post that “if the government collects sensitive information about Americans, it is responsible for protecting it- and that’s just as true if it contracts with a private company.”
“Anyone whose information was compromised should be notified by customs, and the government needs to explain exactly how it intends to prevent this kind of breach from happening in the future,” he continued.
“This incident should be a lesson to those who have supported expanding government surveillance powers - these vast troves of American’s personal information are a ripe target for attackers,” Wyden concluded.
Neema Singh Guliani from the American Civil Liberties Union has since issued a statement outlining that the latest breach “further underscores the need to put the brakes” on the government’s facial recognition technologies.
“The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place,” she said.