The US Customs and Border Protection has reportedly suspended a subcontractor following a “malicious cyberattack” in May that caused it to lose photos of travelers into and out of the country. Perceptics, which makes license plate scanners and other surveillance equipment for CBP, has been suspended from contracting with the federal government, the Washington Post reported Tuesday.
On June 12, CBP had confirmed that in violation of its policies, a subcontractor had “transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network.” Thethat affected under 100,000 people who entered and exited the US in a vehicle through several specific lanes at one land border during a 1.5-month period.
Federal records showed CBP officials citing “evidence of conduct indicating a lack of business honesty or integrity,” Washington Post reported.
Passports and travel document photos weren’t taken in the cyberattack, but it was reported later in June that the, including government agency contracts, budget spreadsheets and even Powerpoint presentations.
The agency has been expanding its use of a face-matching system called Biometric Exit at departure gates in several airports across the nation.
“This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers,” Neema Singh Guliani, American Civil Liberties Union senior legislative counsel, said in a statement in June. “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices.
“The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”
Sen. Rick Scott also demanded answers from Acting Homeland Security Secretary Kevin McAleenan on what exactly happened.
“Americans deserve to know how their personal information is being used, especially by their government,” he wrote. “Anything other than full transparency is unacceptable.”
CBP and Perceptics didn’t immediately respond to a request for comment.