This report first appeared on CyberScoop.com.
U.S. Customs and Border Protection said Monday that one of its subcontractors had been breached in a “malicious cyberattack,” compromising an unspecified number of images of travelers and license plates.
The hackers struck after the unnamed subcontractor transferred copies of the images collected by CBP to the subcontractor’s network, the Department of Homeland Security agency said in a statement.
“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” a CBP spokesperson said, adding that the breached data had yet to show up on the dark web or public internet.
In an updated statement Monday night, a CBP official said the compromised traveler images appeared to involve less than 100,000 people. “[P]hotographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5-month period,” the official said. “No other identifying information was included with the images.”
CBP, which learned about the hack on May 31, has told members of Congress about the breach and is working with law enforcement agencies and “cybersecurity entities” to investigate, the spokesperson said.
While CBP did not identify the hacked subcontractor, the statement it emailed to The Washington Post included “Perceptics” in the title. Tennessee-based Perceptics, which provides license-plate-scanning services for CBP, was the victim of a hack and had its data posted to the dark web, The Register reported last month. It is unclear if that is the same breach announced by CBP on Monday.
Perceptics could not be immediately reached for comment.
Read more at CyberScoop.com.