Tens of thousands of images of travellers crossing the US border with Mexico have been lifted by hackers in a major cyber attack.
The US Customs and Border Patrol (CBP) said the breach, which affected the network of a sub-contractor, also saw images of vehicle licence plates stolen.
Based on the CBP’s initial reports, fewer than 100,000 people were affected by the cyber attack. The agency has refuted claims that the hacked data has been shared on the dark web.
In a statement, the agency said it had removed the equipment involved in the breach from service and had alerted Members of Congress. It also said it was “working closely with other law enforcement agencies and cyber-security entities…to actively investigate the incident”.
- Radiohead Thwart Hacker by Releasing Stolen Music
- Scientists to Search for Ancient Scottish Meteorite Crater
- TalkTalk Hacker Slapped With Four Year Sentence
As part of a facial recognition programme to track people entering and exiting the country, the agency has cameras in operation at both airports and land border crossings. Asserting that its own systems had not been affected, the CBP laid the blame on the sub-contractor involved in the breach, which was discovered on the 31st of May.
CBP said that the sub-contractor had stored the images on its systems without official consent from the agency. The hacked images were of people in vehicles entering and exiting the country via a single unnamed border entry point. According to the CBP, no other identifying information – passport data or other travel document photos – had been compromised.
This incident has stoked already growing fears over the use of this technology on the public, which critics believe may infringe on peoples’ privacy and put them at greater risk of identity theft. However, US law enforcement argues that facial recognition technology will enhance border security and help catch criminals.
Senator Ron Wyden told the Washington Post: “If the Government collects sensitive information about Americans, it is responsible for protecting it – and that’s just as true if it contracts with a private company.
“Anyone whose information was compromised should be notified by customs, and the Government needs to explain exactly how it intends to prevent this kind of breach from happening in the future.”
Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union, said: “This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travellers, including licence plate information and social media identifiers.
“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices.”