Estimated reading time: 1 minute, 35 seconds

Watchdog Hits Border Agency Over 2019 Biometric Data Breach

A government watchdog report has faulted U.S. Customs and Border Protection for its cybersecurity practices, finding that the agency “did not adequately safeguard” sensitive data during a 2019 facial recognition technology pilot program.

cyber 4084714 640 smallThe data breach, announced last year, exposed about 184,000 traveler images from CBP’s facial recognition pilot, according to the report by the Department of Homeland Security Inspector General.

As VentureBeat notes, one fresh takeaway from the report is confirmation that data from the breach ended up on the dark web. Although the CPB had originally declined to comment on that question, the inspector general found that at least 19 images were posted online.

According to the inspector general, a subtractor, Perceptics, downloaded copies of the CPB’s biometric data onto its own servers, which were then compromised due to a “malicious cyber attack.” While Perceptics employees broke security rules when they copied the data to the company’s network, the inspector general determined that the CPB’s cybersecurity practices were “inadequate to prevent the subcontractor’s actions.”

“This incident may damage the public’s trust in the government’s ability to safeguard biometric data and may result in travelers’ reluctance to permit DHS to capture and use their biometrics at U.S. ports of entry," the inspector general wrote in the report.

According to a blog post by TechDirt, while the CBP has promised to follow the inspector general’s recommendations going forward, the vast amount of data collected by the agency—and other government entities—will continue to make it look appealing to cybercriminals.

Another federal watchdog, the Government Accountability Office, also criticized the CBP in a recent report. As TechCrunch explains, the GAO found that the agency failed to properly inform Americans that they could opt out of facial recognition scanning at airports.

According to CNN, the Perceptics data breach also resulted in at least 50,000 American license plate numbers surfacing on the dark web.

Read 4764 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.