In a recent statement, the US Customs and Border Protection (CBP) revealed that a malicious cyber-attack caused a data breach of one of its subcontractors which had stored copies of traveler images and license plate images that the CBP collected. The data breach leaked the license plate information and photos of the travelers, highlighting the issue of cyber-attacks and the still inadequate prevention mechanisms in place.

Cyber-Attack renews safety concerns

There is never a good time for a cyber-attack to take place, but this breach could not have happened at a worse time for the CBP. The CBP was seeking to expand its collection of personal information from travelers, including social media identifiers, license plate information, and facial images. A senior ACLU lawyer said that this breach will likely lead to a hold on the expansion efforts and push Congress to investigate the agency’s data practices.

The cyber-attack has renewed concerns among the public about federal surveillance systems and facial recognition.

The agency noted that no image data has been identified on the internet or the dark web. It explained that a subcontractor transferred copies of traveler images and license plate images to the subcontractor’s network without the CBP’s knowledge or authorization, in violation of the agency’s policies. The subcontractor’s network was later breached by the hacking group. The CBP, which reported that none of its systems were breached, removed the subcontractor’s equipment from service and is now monitoring all the work directly.

How many people did the data breach affect?

The data of over 100,000 people who entered and exited the country in vehicles during a 1.5-month period through specific lanes at one land border were stolen.