US Customs and Border Protection Says Traveler Photos and License Plate Images Stolen In Data Breach (techcrunch.com) 79
An anonymous reader quotes a report from TechCrunch: U.S. Customs and Border Protection has confirmed a data breach has exposed the photos of travelers and vehicles traveling in and out of the United States. The photos were stolen from a subcontractor's network through a "malicious cyberattack," a CBP spokesperson told TechCrunch in an email. "CBP learned that a subcontractor, in violation of CBP policies and without CBP's authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network," said an agency statement. "Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract," the statement read. The agency first learned of the breach on May 31. When asked, a spokesperson for CBP didn't say how many photos were taken in the breach or if U.S. citizens were affected. The agency also didn't name the subcontractor. The database that the agency maintains includes traveler images, as well as passport and visa photos. Congress has been notified and the CBP said it is "closely monitoring" CBP-related work by the subcontractor.
Opt out (Score:3)
Do I need a sarc tag in the land of the free?
Re: (Score:1)
A suitable punishment would have to follow an investigation into whether it was indeed accidental or just made to look accidental. Giving them the benefit of the doubt on this matter only ensures there will never be a suitable punishment.
RGPD... (Score:2)
obviously there will be a significant european citizenry exposure...
thus, the fine is gonna be 4% of the US GDP, thank you very much !
Re: (Score:2)
Because DRM never worked.
encryption might work (Score:2)
Actually, in this specific case, an encryption scheme (what DRM is supposed to be) might work, because for once, the metaphorical "Alice" and "Eve" are two distinct people.
Whereas in classic DRM (e.g.: DVD, streaming), the people you want to prevent from accessing the stream (the end users, who might want to copy it) are the exact same people you want to give access to the stream to (the end users, again, who might want to view it). In that case, the metaphorical recipient for Bob's data happens to be both A
Re: (Score:2)
Well, in a general case where data needs to be processed by a 3rd party.. maybe.
But in this very case the 3rd party company who was supposed to process, but not store the data, violated the contracts and stored a copy on their own network. So again we have a scenario here where the attacker who created the illegal copy was the same person ("person" as in "representing the same organisation") that was supposed to (legally) do something with that data.
The person allowed CBP data to go to a 3rd party company
Re: (Score:2)
I think it could work technically, but you just know it would be a clusterfuck to manage. Every contractor would be adding clauses saying that time lost due to DRM management issues would be 100% billable.
There's no way for consumers to negotiate their own DRM opportunity losses, so whatever externalities they create are solely the problem of consumers.
It's a good idea, but it would probably greatly increase the costs of managing this data. You could mitigate it by not dealing with contractors and only ha
Re: (Score:2)
I'm sure you can just opt out of this, you know, like equifax
When equifax got hacked they offered free credit searches and monitoring.
I'm sure the CBP will be offering free cavity searches as a gesture of goodwill.
Re: (Score:1)
Get them out of our society forever (Score:3)
Re: (Score:2)
Name the goddamn subcontractor and throw them in jail!
If we start putting people in jail for incompetence, we are going to need to build a lot more prisons, and government contracts are going to be much more expensive.
An estimated 90% of breaches go unreported. Draconian punishments for those with enough integrity to report on themselves aren't going to help.
Re: (Score:1)
If you bothered to read the article... oh wait this is slashdot.
Thanks for your contribution.
Re: (Score:3)
It's not the contractor that needs to go to jail, it's the person who decided it was a good idea to collect photos and licence plate data and then store it long term. One check against a database of known stolen vehicles and people on the run should be enough, then delete it.
Security through legalese (Score:5, Insightful)
the subcontractor violated mandatory security and privacy protocols outlined in their contract,
Okay, and since when was legalese a good security measure, except for recourse after the fact?
Re: (Score:2)
Yeah. They never learn.
Snowden, Winner ...
The gubmint is puzzled that contractors and subcontractors are not as diligent as the feds.
Wait.
Manning.
nm
Good thing I don't travel! (Score:4, Interesting)
Really, these "leaks" are getting too numerous to count.
For your own safety, just assume that everything has been breached, and since nothing will ever be done about it, just go with the flow. What choice do you have?
Re:Good thing I don't travel! (Score:4, Interesting)
I would imagine there are very few people alive who haven't been part of some data breach at this point. Even if you never willingly submit data to anyone, they probably have a ghost profile on you, so that gets stolen along with the rest of people who did opt in for the rapage.
Re: (Score:1)
I would imagine there are very few people alive who haven't been part of some data breach at this point.
There's one guy in a small tribe deep in the Amazon jungle that hasn't. There were also two infant Inuit twins, but one died recently and the other had just registered at Igloos-n-Things right before a data breach. And the guy who set up Ted Kaminsky. He thought Ted was living with too much technology.
Re: (Score:2)
Actually, there's an entire group living on an island in the Indian Ocean. People call it a tribe, and say that they're stone age, but those are assumptions, because they kill anyone who lands. Any profiles of them are going to be totally fictitious.
Re: (Score:2)
I assume you are talking about the Sentinelese [wikipedia.org] that live on North Sentinel Island. While not a lot is known about them there have been many expeditions to study them and there have been gift exchanges with them so no, they haven't "killed anyone who lands" but they are quite hostile to outsiders. Most recently, they killed a Christian missionary who refused to keep away but honestly, who hasn't contemplated doing that - Christian missionaries can be very annoying.
Re: (Score:2)
They've killed most of the people who landed. All the people who tried to remain or went back.
The gift "exchanges" were not exchanges, they were offered various items and were willing to accept a few metal pots and even some pigs. After the first few attempts to bribe them into contact failed so badly, they started just floating the gifts onto the beach, but the locals mostly stopped accepting them.
No items were ever given in return. There were no examples of exchanges, or evidence that the people understan
Re: (Score:2)
I agree.
Hell, for people like me who don't do the social media, I'm screwed with every goddam company I interface with. They sell my shit all over the place.
Re: (Score:2)
For your own safety, just assume that everything has been breached, and since nothing will ever be done about it, just go with the flow. What choice do you have?
For your own safety. just go with the flow? Your paragraph makes no sense.
Also, assuming no security is left and doing nothing about it is dangerously close to ideas about privacy a certain company likes to believe [dailydot.com], because it gives them freedom to trample all over it.
Re: (Score:2)
For your own safety. just go with the flow? Your paragraph makes no sense.
Sorry, Ivan, but this does make sense. Why do you argue when you barely speak English?
It means to chill out, accept these changes in the world because you can't stop it from changing. It will harm your mental health if you try.
Re: (Score:2)
Sorry, Ivan, but this does make sense. Why do you argue when you barely speak English?
You're not even reading the original post.
If we assume "everything is breached and no one will take responsibility for it", the correct course of action is not "going with the flow" (apathy), it's for us to take responsibility for looking out for our own data security (vigilance). Saying we have no choice but to allow companies to let our data leak like a sieve is not looking out for our own saf
Re: (Score:2)
It seems like maybe you're just not good at English?
Re: (Score:2)
It seems like maybe you're just not good at English?
Repeating the same line without anything to back up your position?
Who's the real bot here?
Re: (Score:2)
Oh, noes! The internet called me a bot! How will I ever sleep at night?
It still seems like, maybe you're just not that good at English. I guess it is possible that you're just an idiot, but until you demonstrate otherwise I'm going to give you the benefit of the doubt.
Spewing random words at me isn't going to change what was already said. Somebody said some words, you didn't understand those words and attacked them, accusing them of not making sense. You can't undo that. It happened. In this thread. You can
Re: (Score:2)
Anything out of your own internet-isolated NAS is as good as public. That's been known since before the internet was even a thing.
Anyway, it seems government agencies always end up choosing one of 3 things to (mis)handle people's data:
- Do their own IT and fail miserably to keep the data away from the sumbitches
- Subcontract an incompetent IT shop that fails miserably to keep the data away from sumbitches
- Put it on the cloud with Amazon or Google, who are competent, but who are also sumbitches
Shame on them.
Re: (Score:1)
Best to find a way to quickly depreciate the info...
Anybody got the Queen's home phone?
I figure if we leak the data of important people, something might happen.
Re: (Score:2)
Yeah, you'll go to jail. But the important people who leak yours won't.
Re: (Score:1)
I believe the rule is, don't get caught.
Or make it look like the Russians did it. That one seems to work
Re: (Score:1)
I'm retired IT.
I deleted Facebook, don't do the other popular social media.
My wife, however, does what she wants.
She asked me if SHE was OK. I said, "Sure. You're informed and you get me when things don't smell right and you don't do stupid shit. As for privacy ... forget it. They got us a long time ago."
Why surveillance is bad and unconstitutional (Score:5, Insightful)
This just points out how bad and unconstitutional such surveillance of American citizens is, and why it should never have happened in the first place.
Oh, and stop quartering troops inside the electronic devices in my home.
Re: (Score:1)
it should never have happened in the first place.
Yeah, well, it's too late to dwell on that. What is the next step?
Re: (Score:2)
Chiseling it in stone since we're early to dwell on the next twenty instances of "it's okay if the government has the keys, it will only be good people for good purposes"
Re: Why surveillance is bad and unconstitutional (Score:2)
"What is the next step?"
De-Stalinization
Re: (Score:1)
To sweeten the blood?
Lock and key (Score:1)
Every time something like this happens where government information gets hacked/stolen I wish people would repeatedly point out that the same would happen with any "government only" backdoor trojan/key..
Why Customs shouldn't get warrantless phone access (Score:2)
This is why any access to someone's smartphone should require a warrant and be trouble (procedurally) to go through and do. Otherwise abuse will occur as we see he
Comment removed (Score:3)
Re: (Score:1)
Yea, someone should bother to ask that. Someone who won't just take the easiest excuse for a sufficient explanation.
Re: (Score:2)
We are the government - trust us (Score:2)
We are the government. You can trust us with your personal information. You should give us backdoors into your encryption. Nothing could ever go wrong.
probable cause (Score:2)
And THIS is exactly why I don't want the feds keeping tabs on me without a warrant.
Not only is it a hassle and a dubious use of taxpayer funded man-hours, but it also puts my collected information at risk of hackers just like here.
I've ranted on slashdot about this risk for YEARS and finally the feds had their dirty little habit bite them in the ass.
Let's have a network, and build a backdoor !! (Score:2)
sorry for the lame "Let's have a war" (FEAR) reference.
This is why the government can't be trusted to build a backdoor. Somebody will steal it.
We'll just blame it on the middle-class.