June 12, 2019 - Customs and Border Patrol reported yesterday that they experienced a data breach. That doesn't really surprise us since it is just more evidence that the US Government is inept when it comes to data security, and they have a very long history to prove that. In this case, CBP is saying that that data stolen included license plate numbers and pictures of drivers who transitioned between the United States, Mexico and Canada. But what the agency isn't revealing about this breach may be more important. They haven't ruled out the idea that the breach may have involved a lot of much more personal information. Here is what we know… and what we don’t.
According to CBP, the breach occurred when an unnamed outside vendor transferred data from CBP computers to the vendor's computers. The transferred data included license plate numbers and pictures. Sometime after the transfer occurred, the vendor's network was hacked and the files belonging to CBP were compromised.
According to CBP, the data was transferred without the agency's knowledge and in violation of the agency's contract with the vendor. And they claim that there is no evidence that the stolen data has shown up on the dark web for sale.
If the stolen is limited to the data named in the CBP announcement, it can probably be used identify drivers and give some indication as to where and when they traveled. But in all likelihood, it isn't enough to commit fraud or identity theft. But several news outlets have now asked CBP if any additional data was included in the breach and none of them have been given a direct answer. And that is troubling.
Last month the agency announced a data breach involving a company named Perceptics. They manufacture and install license plate readers and driver cameras for the CBP. According to the Atlantic, shortly after that announcement, "both the U.K. outlet The Register and Vice reported finding scores of traveler data on the dark web in the hours after that breach, including financial information, photos, and location information."
It's hard to believe that these reports aren't all discussing the same breach. And if the UK reports are accurate, not only was there enough data in these breaches to conduct ID theft, the pictures also constitute a biometric data breach which can be significantly more detrimental to victims. The fact that the latest breach announcement doesn't name the "vendor" by name and that it doesn't state that the data stolen was very limited should trouble everyone.
CBP is saying that it became aware of the latest breach on May 21st, but they don't say how long they suspect it lasted or how far back the stolen records go. The bottom line here is that if you have walked or driven across the northern or southern US border within the past ten years, your data may have been exposed and you should be concerned.
Anyone who believes that they may have been included in this breach should watch their credit card and financial records closely. You may want to consider freezing your credit files with Experian, Equifax and TransUnion; something which you can now do for free. This will prevent anyone from opening up new credit in your name. But even that won't stop someone from using any existing credit account that you have open, so you'll still need to watch those statements.
Beyond that, we're advising our readers to let their congressional representatives know that they don't appreciate being victimized like this by their own government. If enough of them hear from us, then maybe they'll do something about the issue. Why CBP would be storing financial information on any American simply for driving into Canada is unknown. They shouldn't be!
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|