By Frank Bajak / Associated Press
U.S. Customs and Border Protection said Monday that photos of travelers and license plates collected at the nation’s borders have been exposed in a malicious cyberattack.
The federal agency did not name the subcontractor whose computer network was hacked, but the announcement followed news that a Tennessee-based company that bills itself as the sole provider of stationary license plate readers at U.S. borders had been compromised.
The U.K. computer security website The Register, which said the hacker responsible alerted it to the breach in late May, identified the company as Perceptics.
A spokesman for the company did not immediately respond to an email from The Associated Press seeking comment.
A congressional staffer whose office was notified by the agency said the breach affected fewer than 100,000 people. The staffer was not authorized to speak publicly on the matter and spoke on condition that the staffer not be further identified.
CBP said none of the data had surfaced on the internet or Dark Web. The Register said the hacker provided it with a list of files exfiltrated from the Perceptics corporate network and said a company spokesperson had confirmed the hack.
“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” the agency said in a statement.
CBP said it learned of the data breach May 31. It said the subcontractor had transferred copies of the images to its company network in violation of government policies and without the agency’s authorization.
Perceptics, of Farragut, Tennessee, bills itself as the sole provider of license-plate readers “for passenger vehicle primary inspection lanes at all land border ports of entry in the United States, Canada and at the most critical lanes in Mexico.”
It says it has secured “thousands of border checkpoints” and says its products automate over 200 hundred million vehicle inspections annually.
Perceptic technology is also used in electronic toll collection and roadway monitoring.
Civil liberties groups including the ACLU and the Electronic Frontier Foundation have expressed alarm at the general lack of regulation of license plate-reading cameras and databases, saying the technology has great potential to be abused for surveillance and location-tracking.