US Confirms Traveler Photos Stolen in Cyberattack
Internet hackers have stolen tens of thousands of pictures of travelers and vehicles collected at the United States border.
U.S. Customs and Border Protection, or CBP, officials confirmed the attack on Monday. The agency said the photographs were stolen from the computer network of a contractor that captures the images for the government. Officials did not name the contractor.
A CBP spokesman told the Associated Press that the agency believes that the incident involved the photographs of fewer than 100,000 people. Images were taken of travelers in vehicles entering and leaving the United States at a single land border crossing over one-and-a-half months, the spokesman said. The images also included license plates of vehicles crossing the border.
The CBP said in a statement that it learned of the cyberattack on May 31. The agency said the government contractor violated CBP policies by copying the pictures to the company's computer network. Officials said only the contracting company's network was hit in the cyberattack. The CBP's computer systems remained safe.
The CBP statement said none of the image information had so far been identified as appearing on the internet or the "dark web." The dark web is a part of the internet that cannot be found through normal search engines. It uses digital tools to hide identifying information and is often used for criminal activity.
The CBP said it was working with other law enforcement agencies "to actively investigate" the attack. The agency said it had "removed from service" all equipment related to the incident and was closely watching all CBP work done by the contractor.
"CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors to do the same," the agency statement said.
U.S. Customs and Border Protection is part of the Department of Homeland Security (DHS). The DHS described its automated vehicle license readers in a 2017 privacy document. The document said the readers are used for identifying, catching "and removing individuals illegally entering the United States at and between ports of entry or otherwise violating U.S. law."
The license plate information is checked against existing records shared among 13 federal agencies, the AP reported.
Representative Bennie Thompson of Mississippi serves as chairman of the U.S. House Committee on Homeland Security. Thompson noted that the incident was the "second major privacy breach at DHS this year."
In March, the DHS's inspector general announced the Federal Emergency Management Agency had wrongly released to a contractor the personal information of 2.3 million U.S. disaster survivors.
Thompson said in a statement that U.S. officials "must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public."
The British computer security website The Register said the hacker responsible informed the publication in late May of the attack. The Register identified the government contractor as the company Perceptics. The company has not yet publicly discussed the hacking incident.
The Tennessee-based company describes itself as the provider of license-plate readers for passenger vehicle inspection "at all land border ports of entry in the United States, Canada and at the most critical lanes in Mexico."
Civil liberties groups have expressed concern at the general lack of rules covering license plate-reading cameras and image collection by government agencies and law enforcement. Critics say the technology carries the risk of abuses when the private information of citizens is widely shared among agencies or stolen in cyberattacks.
I'm Bryan Lynn.