Hackers broke into a database of images of travellers and licence plates collected by US Customs and Border Protection, the agency said on Monday.
The hackers gained access to the images through a subcontractor’s network, CBP said. The subcontractor, which the agency declined to name, had transferred the photographs to its network in violation of CBP policies"
The CBP makes extensive use of cameras and video recordings at airports and land border crossings, where images of vehicles are captured. Those images are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the US.
The CBP said airport operations were not affected by the breach, but it declined to say how many people might have had their images stolen.
The Sydney Morning Herald [smh.com.au] has further details
A CBP statement said that the agency learnt of the breach on May 31 and that none of the image data had been identified "on the dark web or internet."
But reporters at The Register, reported late last month that a large haul of breached data from the firm Perceptics was being offered as a free download on the dark web.
The CBP would not say which subcontractor was involved. But a Microsoft Word document of the agency's public statement, sent on Monday to Washington Post reporters, included the name "Perceptics" in the title: CBP Perceptics Public Statement.
Perceptics representatives did not immediately respond to requests for comment.
CBP spokeswoman Jackie Wren said she was "unable to confirm" whether Perceptics was the source of the breach.
Pay peanuts, get monkeys... but this is government contracting, so pay lots and lots of peanuts, get much bigger monkeys.