According to a New York Times report, “tens of thousands of images of travelers and license plates stored by the Customs and Border Protection agency have been stolen in a cyberattack, officials said Monday, prompting renewed questions about how the federal government secures and shares personal data.
The office of Customs and Border Patrol (CBP) discovered on May 31st that the federal subcontractor they use to store image data was hacked in a cyber attack when the subcontractor, according to the CBP, “transferred copies of the images to the subcontractor’s network, which the agency said, was done without its knowledge and in violation of the contract.”
“The subcontractor’s network was then hacked.”
A United States government official said no more than 100,000 people had their information compromised by the attack.
If that number holds, it would be far smaller than a 2014 breach at the Office of Personnel Management, which lost roughly 22 million security clearance files for government officials and contractors. In that case, China was later identified as the nation that had pulled off what remains the largest known theft of United States government data.
“As of today, none of the image data has been identified on the dark web or internet,” the Customs and Border Protection agency said in a statement.
That may not be surprising. If the images were stolen for intelligence purposes, they would not be expected to show up for sale. The Office of Personnel Management data has never been surfaced publicly.
The customs and border agency, a part of the Homeland Security Department, collects passport and visa photographs for a database used for a facial recognition program at airports that department officials say is aimed at expediting movement among travelers. The Customs and Border Protection agency also captures images of the license plates on vehicles entering and exiting the ports of entry along the border.
NYT
A senior legislative counsel for the ACLU, Neema Singh Guliani, told the NYT’s that “the breach exposed the risks of the facial recognition program.”
“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices, … The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”
Meanwhile…
CNN reported, “the FBI has access to more than 641 million photos of people’s faces in searchable form, a government watchdog official said on Tuesday.”
The information released in prepared testimony from US Government Accountability Office homeland security and justice director Gretta Goodwin said the 641 million figure was accurate as of April 2019. In the release on Tuesday, the GAO said it had called on the Department of Justice and FBI to take further steps to improve privacy and “ensure the accuracy of its face recognition capabilities.”
The FBI’s available trove of photos contains some from its own face recognition system that includes photos from the criminal justice system, like mugshots, and others available from state and federal government databases, like driver’s license photos, the GAO said. The 641 million figure refers specifically “to photos, not the total number of identities,” according to Goodwin’s testimony.
The latest GAO information came out in a hearing before the House Oversight Committee on government use of facial recognition technology.
CNN