US Confirms Traveler Photos Stolen in Cyberattack

12 June, 2019

Internet hackers have stolen tens of thousands of pictures of travelers and vehicles collected at the United States border.

U.S. Customs and Border Protection, or CBP, officials confirmed the attack on Monday. The agency said the photographs were stolen from the computer network of a contractor that captures the images for the government. Officials did not name the contractor.

A CBP spokesman told the Associated Press that the agency believes that the incident involved the photographs of fewer than 100,000 people. Images were taken of travelers in vehicles entering and leaving the United States at a single land border crossing over one-and-a-half months, the spokesman said. The images also included license plates of vehicles crossing the border.

The CBP said in a statement that it learned of the cyberattack on May 31. The agency said the government contractor violated CBP policies by copying the pictures to the company's computer network. Officials said only the contracting company's network was hit in the cyberattack. The CBP's computer systems remained safe.

The CBP statement said none of the image information had so far been identified as appearing on the internet or the "dark web." The dark web is a part of the internet that cannot be found through normal search engines. It uses digital tools to hide identifying information and is often used for criminal activity.

The CBP said it was working with other law enforcement agencies "to actively investigate" the attack. The agency said it had "removed from service" all equipment related to the incident and was closely watching all CBP work done by the contractor.

Motorists in the northbound lanes wait to enter the San Ysidro port of entry during a border security training drill by members of U.S. Customs and Border Protection Thursday, Jan. 10, 2019, in Tijuana, Mexico. (AP Photo/Gregory Bull)
Motorists in the northbound lanes wait to enter the San Ysidro port of entry during a border security training drill by members of U.S. Customs and Border Protection Thursday, Jan. 10, 2019, in Tijuana, Mexico. (AP Photo/Gregory Bull)

"CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors to do the same," the agency statement said.

U.S. Customs and Border Protection is part of the Department of Homeland Security (DHS). The DHS described its automated vehicle license readers in a 2017 privacy document. The document said the readers are used for identifying, catching "and removing individuals illegally entering the United States at and between ports of entry or otherwise violating U.S. law."

The license plate information is checked against existing records shared among 13 federal agencies, the AP reported.

Representative Bennie Thompson of Mississippi serves as chairman of the U.S. House Committee on Homeland Security. Thompson noted that the incident was the "second major privacy breach at DHS this year."

In March, the DHS's inspector general announced the Federal Emergency Management Agency had wrongly released to a contractor the personal information of 2.3 million U.S. disaster survivors.

Thompson said in a statement that U.S. officials "must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public."

The British computer security website The Register said the hacker responsible informed the publication in late May of the attack. The Register identified the government contractor as the company Perceptics. The company has not yet publicly discussed the hacking incident.

The Tennessee-based company describes itself as the provider of license-plate readers for passenger vehicle inspection "at all land border ports of entry in the United States, Canada and at the most critical lanes in Mexico."

Civil liberties groups have expressed concern at the general lack of rules covering license plate-reading cameras and image collection by government agencies and law enforcement. Critics say the technology carries the risk of abuses when the private information of citizens is widely shared among agencies or stolen in cyberattacks.

I'm Bryan Lynn.

Bryan Lynn wrote this story for VOA Learning English, based on reports from the Associated Press, Agence France-Presse, the Financial Times and online sources. Mario Ritter Jr. was the editor.

We want to hear from you. Write to us in the Comments section, and visit 51VOA.COM.


Words in This Story

hacker n. a person who secretly gets control of a computer system to get information or cause damage

network n. system permitting people to communicate and share information through the internet using a computer or mobile phone

contractorn. a person or company that signs a contract to provide materials or labor to perform a service or do a job

license plate n. a metal sign with numbers on it that is attached to the back of front of a vehicle

cyberattack n. an attempt to illegally enter a computer system with the purpose of causing damage or harm

automated adj. made to operate by machines or computers, not humans

breach n. an act of breaking a rule, law, custom or practice

biometrics n. involving the application of statistical analysis to biological data

at the expense of phrase. in a way that harms someone or something