Fast company logo
|
advertisement

NEWS

A database containing photos of travelers entering and leaving the U.S. has been hacked

License plate images were also obtained in the hack on a subcontractor.

A database containing photos of travelers entering and leaving the U.S. has been hacked

[Photo: Josh Sorenson/Unsplash]

BY Michael Grothaus2 minute read

The U.S. Customs and Border Protection has revealed that a database containing tens of thousands of images of travelers entering and leaving the United States has been hacked and stolen, reports BuzzFeed News. The Border Patrol isn’t the one at fault here, however. In a statement, the organization revealed that one of its subcontractors violated CBP policy without the organization’s knowledge by transferring copies of license plate images and traveler images to the subcontractor’s company’s network. That network was then compromised by a “malicious cyberattack.”

The CBP confirmed that the images of people and license plates obtained in the hack came through specific lanes at a single port of entry into the United States, without revealing which port of entry that was. The CBP also confirmed that the images compromised cover a one and a half month period and that less than 100,000 people had their information compromised by the attack.

Though government systems were not breached in the attack, the incident highlights how vulnerable our data is at a time when governmental organizations are collecting more data about people than ever before. And as this hack shows, that data is very valuable to hackers and bad actors across the globe. You can read the CBP’s statement on the incident below:

On May 31, 2019, CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised.

Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract. As of today, none of the image data has been identified on the Dark Web or internet. CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident. CBP will unwaveringly work with all partners to determine the extent of the breach and the appropriate response.

CBP has removed from service all equipment related to the breach and is closely monitoring all CBP work by the subcontractor. CBP requires that all contractors and service providers maintain appropriate data integrity and cybersecurity controls and follow all incident response notification and remediation procedures. CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors to do the same.

advertisement
CoDesign Newsletter logo
The latest innovations in design brought to you every weekday.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Privacy Policy

ABOUT THE AUTHOR

Michael Grothaus is a novelist and author. He has written for Fast Company since 2013, where he's interviewed some of the tech industry’s most prominent leaders and writes about everything from Apple and artificial intelligence to the effects of technology on individuals and society. Michael’s current tech-focused areas of interest include AI, quantum computing, and the ways tech can improve the quality of life for the elderly and individuals with disabilities More


Explore Topics