So yeah, your photos were DEFINITELY hacked in that Border Patrol breach last month
Companies that handle sensitive information are still terrible at handling sensitive information.
In a shocking turn of events that literally no one could have seen coming, it turns out that, yes, way more photos were stolen in that US Customs and Border Patrol (CBP) hack than originally reported.
The photos were discovered as the result of some pretty basic sleuthing by Vice, and directly contradict the statement put out by CBP officials claiming that “none of the image data has been identified on the Dark Web or internet.”
Even worse, most of these “thousands of driver and license plate images” don’t even appear to be the ones possessed by CBP or a border crossing, but rather by a random series of toll booths on the Pennsylvania Turnpike.
A license plate scanning company was hacked, and now thousands of images of drivers are on the dark web https://t.co/BhFjNOS90W
— VICE (@VICE) June 13, 2019
But okay, let’s take a step back here
How did this happen? Well, CBP used a third-party contractor by the name of Perceptics, which specializes in license plate reader technology (you know, like the ones your neighbors have already likely purchased) for the U.S. government.
Perceptics failed to follow basic security rules when transferring said photos to its own network, giving hackers the opportunity to swoop in and grab them. The hackers even made off with “a presentation that contains images of people in their vehicles as part of a proof-of-concept Perceptics made for CBP in 2015.”
But wait, it gets worse:
In some of the Pennsylvania Turnpike images, drivers’ faces are clearly visible; in many of the images, license plate and car make-and-model information is clearly visible.
So yeah, not great, Bob! Turns out the company that the government trusts for the “most highly sensitive facilities in the nation” has your aunt’s understanding of file security. CBP has not offered an official statement in response to this new information, but we’re sure that it’ll be revealed within the week when Kathy in Logistics hits ‘reply all’ to the wrong email.