US Customs and Border Protection Says Travelers' Photos Stolen in Data Breach

Images of travelers have been compromised as part of a cyber attack that has just been revealed by U.S. Customs and Border Protection officials.

Officials declined to reveal how many images were stolen as part of the attack, but the issue is triggering concerns about how expanding surveillance efforts being conducted by federal officials may impact Americans' privacy, according to The Washington Post.

MORE Impacting Travel

TIAC Seeks Canadian Quarantine Program Replacement and...

New Brunswick Premier: Surplus Vaccines for Canada Might...

Study Says Canadians Itching For International Travel But...

CBP processes more than one million passengers and pedestrians crossing U.S. borders each day. That figure includes more than 690,000 incoming land travelers.

The agency uses cameras and video recordings at airports and land border crossings where images of vehicles are captured, The Washington Post reported.

The stolen photos include images of people’s faces and also their license plates and were compromised during an attack on a federal subcontractor.

Airport operations were not impacted by the breach, CBP said.

The image collection is part of the growing facial recognition program that aims to track people who are entering and exiting the United States.

A statement issued by CBP said it learned of the breach on May 31. The same statement indicated that none of the image data had been identified “on the Dark Web or Internet.”

However, reporters for a British technology news website The Register reported last month that a significant amount of breached data from the firm Perceptics was being offered on the dark web.

The website reported that the maker of vehicle license plate readers used extensively by the US government and by cities to identify and track citizens and immigrants had been hacked. The article added that the company’s files were being offered for free on the dark web to download.

CBP has declined to name the subcontractor involved in the breach. However, an initial CBP statement about the matter sent to The Washington Post on Monday included the name “Perceptics” in the title: “CBP Perceptics Public Statement.”

Civil rights and privacy advocates expressed concern about the theft, suggesting it is an indication that the government’s growing database of identifying imagery has become a tempting target for hackers and cybercriminals.

“This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers,” Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union, told The Washington Post. "This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place.”