US Customs Loses Photos, Travel Docs, and License Plate Data in Breach

US Customs Loses Photos, Travel Docs, and License Plate Data in Breach

US Customs and Border Protection (CBP) has confirmed that a data breach has exposed the personal information of travelers into and out of the US. The data reportedly includes photos and travel documents, but the real problem here is the data wasn’t even being stored on a CBP network. The agency points the finger at an unnamed contractor, which copied CBP data to its network where it was later stolen.

According to CBP, it learned about the breach in late May. The agency, which is responsible for enforcing border security and customs, says its network was not the target of the attack. The unnamed subcontractor reportedly moved the data to its own network in violation of CBP regulations. Although, someone at CBP allowed the company sufficient access that it was able to exfiltrate an unknown volume of sensitive data. CBP’s hands are not clean in this. Civil liberties groups place the blame on CBP for collecting and retaining the data in the first place.

It’s hard to know exactly what was leaked and how many travelers are affected because of the nature of the breach. So far, the CBP has only said it includes photos, images of passports/visas, and images of license plates. It could be millions of people, including US citizens and foreign nationals. On the other hand, the subcontractor might have only copied a small amount of data without authorization.

A Perceptics vehicle ID camera.
A Perceptics vehicle ID camera.

CBP also has yet to name the subcontractor, but the document describing the attack has the name “Perceptics” in the title. That firm claims to provide all the license plate readers used at US borders. The photos in question are most likely the ones taken by border patrol when checking documents. Further reporting notes that airport operations haven’t been impacted, suggesting the data is limited to land crossings. Recent reports from media outlets have claimed that data stolen from Perceptics is available in various locations around the dark web. We don’t yet know if these events are connected, but it seems like a safe bet.

Border patrol has been working on a facial recognition system that has been roundly criticized for its accuracy and usefulness, but there’s no evidence Perceptics has any connection to that system. Although, if you wanted to build a facial recognition database, a cache of photographs paired with government-issued IDs like a passport would be the perfect data set.

Top photo credit: US Customs and Border Patrol

Continue reading

Review: DJI’s New Mini 2 May Be the Perfect Travel Drone
Review: DJI’s New Mini 2 May Be the Perfect Travel Drone

If you love traveling with your drone but hate lugging around a lot of gear, DJI's Mini 2 may be the perfect solution.

Intel’s CEO Travels to Europe to Talk Foundries as Silicon Nationalism Rises
Intel’s CEO Travels to Europe to Talk Foundries as Silicon Nationalism Rises

Intel CEO Pat Gelsinger will travel to Europe next week to meet with EU officials about building additional fabs in Europe. This could be part of the EU's effort to take a much larger share of global semiconductor manufacturing by 2030.

Alder Lake Extravaganza: Intel Unloads Details on its Next-Gen CPU
Alder Lake Extravaganza: Intel Unloads Details on its Next-Gen CPU

Intel's desktop CPUs have been stuck on 14nm for over six years now, and the cracks in that process node have been showing for at least two. The manufacturer was finally ready to share details on Alder Lake, Gracemont, and Golden Cove with us, and it had a lot to talk about.

DJI Mini 3 Pro Review: Setting a New High Bar For Travel Drones
DJI Mini 3 Pro Review: Setting a New High Bar For Travel Drones

Flying a pre-release version of DJI's new Mini 3 Pro drone for a couple weeks has left me very impressed by how much capability DJI has fit into a sub-250 gram, sub $1K, drone.