US Customs has confirmed it suffered a data breach which may have meant traveller photos and information have been stolen.
When people leave or enter a country, their faces are usually photographed by border control to keep track of who moves in and out. Pretty much same goes for license plates.
For the US Customs and Border Protection (US CBP), all that data resides on connected systems, which someone (or a group of people, more likely) used and managed to download all that information.
This was confirmed by the US CBP, which said the data was stolen from a third party subtractor. Issuing a statement, the CBP said the subcontractor "violated mandatory security and privacy protocols" by moving the data into its own network.
We don’t know the scope of the problem, as the CBP is so far keeping quiet on how much data was stolen, or how many people have been compromised with this theft. What we do know, however, is that the Congress has been briefed and is ‘closely monitoring’ the situation.
At the time of writing, the stolen information had not yet appeared on the dark web, or elsewhere.
Supply chain attacks are becoming increasingly popular lately. Large organisations and government institutions usually have strong security set up, but the companies they work with rarely do. That presents hackers with a unique opportunity of hitting a larger target, by compromising a smaller target first.
According to Engadget (opens in new tab), these incidents are an extra argument against facial recognition tech at airports. It’s bad enough that hackers can get a hold of people’s names – they don’t need to be able to easily link it to an image, as well.
Image source: Shutterstock/Ai825