U.S. Customs Hit With Data Breach: Traveller Information Exposed

U.S. Customs and Border Protection is admitting that it is one of the latest victims of a data breach. Among the data stolen: license plates and pictures.

If you live in the US and know someone who travels a lot, then you might have noticed that they are a bit more on edge than normal. This is because the U.S. Customs and Border Protection (CBP) is the latest entity hit with a data breach.

Here’s a report from The Washington Post:

Customs officials said in a statement Monday that the images, which included photos of people’s faces and license plates, had been compromised as part of an attack on a federal subcontractor.

CBP makes extensive use of cameras and video recordings at airports and land border crossings, where images of vehicles are captured. Those images are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.

Fewer than 100,000 people were impacted, said CBP, citing “initial reports.” The photographs were taken of people in vehicles entering and exiting the U.S. over a month and a half through a single land border entry port, which CBP did not name. Officials said the stolen information did not include other identifying information, and no passport or other travel document photos were compromised.

The agency learned of the breach on May 31 and said that none of the image data had been identified “on the Dark Web or Internet.” But reporters at The Register, a British technology news site, reported late last month that a large haul of breached data from the firm Perceptics was being offered as a free download on the dark web.

That report from The Register notes the following:

In fact, Perceptics recently announced, in a pact with Unisys Federal Systems, it had landed “a key contract by US Customs and Border Protection to replace existing LPR technology, and to install Perceptics next generation License Plate Readers (LPRs) at 43 US Border Patrol check point lanes in Texas, New Mexico, Arizona, and California.”

On Thursday this week, however, an individual using the pseudonym “Boris Bullet-Dodger” contacted The Register, alerting us to the hack, and provided a list of files exfiltrated from Perceptics’ corporate network as proof. We’re assuming this is the same “Boris” involved in the CityComp hack last month. Boris declined to answer our questions.

The file names and accompanying directories – numbering almost 65,000 – fit with the focus of the surveillance technology biz. They include .xlsx files named for locations and zip codes, .jpg files with names that refer to “driver” and “scene,” .docx files associated with presumed government clients like ICE, and date-and-time stamped .jpgs and .mp4 files.

And there are many other types of files: .htm, .html, .txt, .doc, .asp, .tdb, .mdb, .json, .rtf, .xls, and .tif among others. Many of the image files, we’re guessing, are license plate captures.

The files also include .mp3 files, presumably from someone’s desktop or laptop PC. Among the songs: Superstition, by Stevie Wonder, and Wannabe by Spice Girls, and a variety of AC/DC and Cat Stevens songs.

The stolen files amount to hundreds of gigabytes and include Microsoft Exchange and Access databases, ERP databases, HR records, Microsoft SQL Server data stores, and so on. This information, which includes business plans, financial figures, and personal information, is presently available in multiple .rar files on the dark web.

Taken together, the two reports describe a situation where things are either ugly or uglier. If that’s the same hack, then it’s possible that the amount of data stolen is much larger than reported. If it’s not the same hack, then it raises the prospect that the organization has been hacked a second time, which would be much worse. It’s unclear which possibility is true, but neither paints a very pretty picture for the organization.

June is becoming a rather busy month for compromised information. The month started off with a bang when First American suffered a data leak. That saw 885 million files exposed. From there, Marriott’s parent company was hit with a data breach where 85.4GB of security data was exposed.

From there, Quest Diagnostics was hit with a data breach where 12 million patients were exposed. Medical information being compromised wound up delivering a one-two punch after LabCorp followed that up with its own breach. That saw 7.7 million patients exposed.

While the scope of this latest breach is unclear, it shows how the personal information security crisis seems to be continuing unabated.

Drew Wilson on Twitter: @icecube85 and Facebook.
