US Customs and Border Protection agency discloses data breach that compromised license plates and traveler photos

• The CBP said that one of its contractors transferred copies of license plate images and traveler photos collected by CBP to the company’s network, which was later compromised by an attacker.
• The agency did not reveal the name of the contractor, however, CBP’s public statement sent to the Washington Post included the name “Perceptics” in the title: “CBP Perceptics Public Statement”, indicating that the contractor is Perceptics.

The US Customs and Border Protection agency disclosed that the photos of travelers and license plates have been compromised in a cyber attack at one of its contractors.

The big picture

The CBP said that one of its contractors transferred copies of license plate images and traveler photos collected by CBP to the company’s network, which was later compromised by an attacker.

The CBP collects the images of travelers entering the US along with passport headshots, and images of the license plates for all cars crossing the US border.

The agency added that the contractor company did not have the authorization to transfer these photos to its network and that the company did it without CBP’s knowledge.

• The CBP became aware of the data breach on May 31, upon which it notified law enforcement authorities and members of Congress about the incident.
• The agency also took the necessary steps to remove the images from the contractor’s network.

“CBP learned that a subcontractor, in violation of CBP policies and without CBP's authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network,” the agency said in a statement, Tech Crunch reported.

Who is the contractor?

The CBP did not reveal the name of the contractor, however, The Register reported on May 24, 2019, that a hacker named ‘Boris Bullet-Dodger’ breached a License Plate Recognition Tech Provider ‘Perceptics’ and published the data on the dark web.

Similarly, CBP’s public statement sent to the Washington Post included the name “Perceptics” in the title: “CBP Perceptics Public Statement”, indicating that the contractor is Perceptics.