CBP Says Thousands of Traveler Photos Stolen in ‘Malicious Cyber-Attack’

Yet another example of supply chain risk. I’m interested in what controls are in place to check the suppliers’ use of data that’s been collected…:

Customs and Border Protection officials on Monday said personal information the agency collected on travelers entering and exiting the U.S. was exposed in “a malicious cyber-attack.”

The breach occurred after one of CBP’s subcontractors illegally transferred images of travelers and license plate photos collected by the agency to its internal networks, which were then compromised by the attack, according to a CBP spokesperson. The agency declined to name the subcontractor that was compromised.

The breach exposed photos of fewer than 100,000 people traveling in their vehicles “through a few specific lanes at a single land border port of entry,” a CBP official said in an update Monday night. The images were taken over a period of roughly one and a half months, the official said, and no other identifying information was included with the images.

No photos from passports or other government travel documents were stolen in the breach, nor were any of the images collected through CBP’s biometric entry and exit program, according to the official.

As of June 10, the agency said none of the images had been identified “on the Dark Web or internet,” and they will continue to monitor for any “unauthorized disclosure.” The agency said officials were first made aware of the breach on May 31.

[…]

Original article here