US Customs and Border Protection (CBP) has confirmed that tens of thousands of images of travelers and license plates have been stolen in a data breach raising concerns over how the US government handles the security of its subcontractors.
At the end of May, an official at the agency learned that a federal subcontractor had transferred copies of the images on to its network and was subsequently hacked. The subcontractor did this without CBP's knowledge and was clearly in violation of its contract with the US government.
The images stolen by hackers show drivers in their cars along with their license plates as they crossed through one port of entry into the US over a six-week period. According to one US government official, no more than 100,000 people had their information compromised as a result of the data breach.
- Google urged to work with US military
- US government data leak exposes years of investigations
- 2019 is the year we discover the true cost of poor data protection
CBP also said that none of the images stolen in the breach have yet to appear on either the dark web or internet.
The fact that the stolen images have not appeared for sale on the internet yet suggests that cybercriminals were not behind the breach. Instead it could have been the work of a foreign government looking to learn more about the agency's procedures or trying to track American citizens.
CBP has since removed the equipment involved in the breach and has also informed Congress of the attack. However, the agency has declined to say which subcontractor was responsible.
Another government official though, has identified Tennessee-based subcontractor Perceptics as the company behind the breach. Perceptics produces license plate readers and provides the US government with other border security services.
Last month the company reported that it had been hacked but it is still unclear whether this incident is connected to the data breach that resulted in the loss of CBP's images.
- We've also highlighted the best antivirus to keep your systems protected from the latest cyber threats