Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Security Databases Government United States Technology

US Customs and Border Protection Says Traveler Photos and License Plate Images Stolen In Data Breach (techcrunch.com) 79

An anonymous reader quotes a report from TechCrunch: U.S. Customs and Border Protection has confirmed a data breach has exposed the photos of travelers and vehicles traveling in and out of the United States. The photos were stolen from a subcontractor's network through a "malicious cyberattack," a CBP spokesperson told TechCrunch in an email. "CBP learned that a subcontractor, in violation of CBP policies and without CBP's authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network," said an agency statement. "Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract," the statement read. he agency first learned of the breach on May 31. When asked, a spokesperson for CBP didn't say how many photos were taken in the breach or if U.S. citizens were affected. The agency also didn't name the subcontractor. The database that the agency maintains includes traveler images, as well as passport and visa photos. Congress has been notified and the CBP said it is "closely monitoring" CBP-related work by the subcontractor.
This discussion has been archived. No new comments can be posted.

US Customs and Border Protection Says Traveler Photos and License Plate Images Stolen In Data Breach

Comments Filter:
  • by DCFusor ( 1763438 ) on Monday June 10, 2019 @05:14PM (#58741870) Homepage
    I'm sure you can just opt out of this, you know, like equifax, or OPM and just be totally safe, right?
    Do I need a sarc tag in the land of the free?
    • I'm sure you can just opt out of this, you know, like equifax

      When equifax got hacked they offered free credit searches and monitoring.

      I'm sure the CBP will be offering free cavity searches as a gesture of goodwill.

  • by AndyKron ( 937105 ) on Monday June 10, 2019 @05:29PM (#58741966)
    Name the goddamn subcontractor and throw them in jail!
    • Name the goddamn subcontractor and throw them in jail!

      If we start putting people in jail for incompetence, we are going to need to build a lot more prisons, and government contracts are going to be much more expensive.

      An estimated 90% of breaches go unreported. Draconian punishments for those with enough integrity to report on themselves isn't going to help.

    • by haus ( 129916 )

      If you bothered to read the article... oh wait this is slashdot.

      Thanks for your contribution.

    • by AmiMoJo ( 196126 )

      It's not the contractor that needs to go to jail, it's the person who decided it was a good idea to collect photos and licence plate data and then store it long term. One check against a database of known stolen vehicles and people on the run should be enough, then delete it.

  • by DigitAl56K ( 805623 ) on Monday June 10, 2019 @05:30PM (#58741972)

    the subcontractor violated mandatory security and privacy protocols outlined in their contract,

    Okay, and since when was legalese a good security measure, except for recourse after the fact?

    • Yeah. They never learn.

      Snowden, Winner ...

      The gubmint is puzzled that contractors and subcontractors are not as diligent as the feds.

      Wait.

      Manning.

      nm

  • by fustakrakich ( 1673220 ) on Monday June 10, 2019 @05:31PM (#58741978) Journal

    Really, these "leaks" are getting too numerous to count.

    For your own safety, just assume that everything has been breached, and since nothing will ever be done about it, just go with the flow. What choice do you have?

    • by cdsparrow ( 658739 ) on Monday June 10, 2019 @05:45PM (#58742064)

      I would imagine there are very few people alive who haven't been part of some data breach at this point. Even if you never willingly submit data to anyone, they probably have a ghost profile on you, so that gets stolen along with the rest of people who did opt in for the rapage.

      • I would imagine there are very few people alive who haven't been part of some data breach at this point.

        There's one guy in a small tribe deep in the Amazon jungle that hasn't. There were also two infant Inuit twins, but one died recently and the other had just registered at Igloos-n-Things right before a data breach. And the guy who set up Ted Kaminsky. He thought Ted was living with too much technology.

        • by HiThere ( 15173 )

          Actually, there's an entire group living on an island in the Indian Ocean. People call it a tribe, and say that they're stone age, but those are assumptions, because they kill anyone who lands. Any profiles of them are going to be totally fictitious.

          • I assume you are talking about the Sentinelese [wikipedia.org] that live on North Sentinel Island. While not a lot is known about them there have been many expeditions to study them and there have been gift exchanges with them so no, they haven't "killed anyone who lands" but they are quite hostile to outsiders. Most recently, they killed a christian missionary who refused to keep away but honestly, who hasn't contemplated doing that - christian missionaries can be very annoying.

            • They've killed most of the people who landed. All the people who tried to remain or went back.

              The gift "exchanges" were not exchanges, they were offered various items and were willing to accept a few metal pots and even some pigs. After the first few attempts to bribe them into contact failed so badly, they started just floating the gifts onto the beach, but the locals mostly stopped accepting them.

              No items were ever given in return. There were no examples of exchanges, or evidence that the people understan

      • I agree.

        Hell, for people like me who don't do the social media, I'm screwed with every goddam company I interface with. They sell my shit all over the place.

    • by SeaFox ( 739806 )

      For your own safety, just assume that everything has been breached, and since nothing will ever be done about it, just go with the flow. What choice do you have?

      For your own safety. just go with the flow? Your paragraph makes no sense.

      Also, assuming no security is left and doing nothing about it is dangerously close to ideas about privacy a certain company likes to believe [dailydot.com], because it gives them freedom to trample all over it.

      • For your own safety. just go with the flow? Your paragraph makes no sense.

        Sorry, Ivan, but this does make sense. Why do you argue when you barely speak English?

        It means to chill out, accept these changes in the world because you can't stop it from changing. It will harm your mental health if you try.

        • by SeaFox ( 739806 )

          Sorry, Ivan, but this does make sense. Why do you argue when you barely speak English?

          You're not even reading the original post.

          just assume that everything has been breached, and since nothing will ever be done about it, just go with the flow

          If we assume "everything is breached and no one will take responsibility for it", the correct course of action is not "going with the flow" (apathy), it's for us to take responsibility for looking out for our own data security (vigilance). Saying we have no choice but to allow companies to let our data leak like a sieve is not looking out for our own saf

          • It seems like maybe you're just not good at English?

            • by SeaFox ( 739806 )

              It seems like maybe you're just not good at English?

              Repeating the same line without anything to back up your position?
              Who's the real bot here?

              • Oh, noes! The internet called me a bot! How will I ever sleep at night?

                It still seems like, maybe you're just not that good at English. I guess it is possible that you're just an idiot, but until you demonstrate otherwise I'm going to give you the benefit of the doubt.

                Spewing random words at me isn't going to change what was already said. Somebody said some words, you didn't understand those words and attacked them, accusing them of not making sense. You can't undo that. It happened. In this thread. You can

    • Anything out of your own internet-isolated NAS is as good as public. That's been known since before the internet was even a thing.

      Anyway, it seems government agencies always end up choosing one of 3 things to (mis)handle people's data:

      - Do their own IT and fail miserably to keep the data way from the sumbitches
      - Subcontract an incompetent IT shop that fails miserably to keep the data away from sumbitches
      - Put it on the cloud with Amazon or Google, who are competent, but who are also sumbitches

      Shame on them.

    • I'm retired IT.

      I deleted Facebook, don't do the other popular social media.

      My wife, however, does what she wants.

      She asked me if SHE was OK. I said, "Sure. You're informed and you get me when things don't smell right and you don't do stupid shit. As for privacy ... forget it. They got us a long time ago."

  • by WillAffleckUW ( 858324 ) on Monday June 10, 2019 @05:33PM (#58741992) Homepage Journal

    This just points out how bad and unconstitutional such surveillance of American citizens is, and why it should never have happened in the first place.

    Oh, and stop quartering troops inside the electronic devices in my home.

  • by Anonymous Coward

    Every time something like this happens where government information gets hacked/stolen I wish people would repeatedly point out that the same would happen with any "government only" backdoor trojan/key..

  • This shines a bright light on the practice of Customs and Border Patrol Agents backing up the smartphone contents of anyone they decide they want to - and what could possibly go wrong with that. If it weren't for the compromise we wouldn't know this personal data gets passed on to for profit contractors etc. and out of the governments hands.

    This is why any access to someone's smartphone should require a warrant and be trouble (proceedurally) to go through and do. Otherwise abuse will occur as we see he
  • by account_deleted ( 4530225 ) on Monday June 10, 2019 @06:07PM (#58742164)
    Comment removed based on user account deletion
  • We are the government. You can trust us with your personal information. You should give us backdoors into your encryption. Nothing could ever go wrong.

  • And THIS is exactly why I don't want the feds keeping tabs on me without a warrant.

    Not only is it a hassle and a dubious use of taxpayer funded man-hours, but it also puts my collected information at risk of hackers just like here.

    I've ranted on slashdot about this risk for YEARS and finally the feds had their dirty little habit bite them in the ass.

  • sorry for the lame "Let's have a war" (FEAR) reference.

    This is why the government can't be trusted to build a backdoor. Somebody will steal it.

    We'll just blame it on the middle-class.

Bus error -- please leave by the rear door.

Working...