US BORDER AUTHORITIES has admitted to a data breach that has seen up to 100,000 people's faces and vehicle registrations stolen in a "malicious cyber attack".
The US Customs and Border Protection (CBP) confessed that the database had been transferred to a subcontractor without its authorisation or knowledge, adding that it was this copy that was hacked.
The photos had no identifying data, so thankfully we can rest assured that it won't get used for training third-party facial recognition systems or worse, but its still a huge breach in privacy from an agency we should be able to trust.
The data is used legitimately by the CBP to keep track of people and vehicles who enter and leave the country, but it is supposed to be kept internal and private.
Although it's not clear who stole the data and what they want with it, there's little doubt that this is a major privacy breach. There have been several reports that a hacker calling himself "Boris Bullet-Dodger" dumped a bunch of files he'd stolen from Perceptics, one of the CBP's contractors for the US-Mexico border, however, CBP says that none of the stolen data is currently on the dark web.
That leads us to one of three conclusions - either the CBP is lying, the dumped data is fake, or there have actually been two hacks with the other one yet to be even acknowledged. Whichever one it is, it's a fairly substantial cock up and leaves a lot of questions are unanswered.
A statement from CBP pushes the blame squarely to its contractor: "CBP learned that a subcontractor, in violation of CBP policies and without CBP's authorisation or knowledge, had transferred copies of license plate images and traveller images collected by CBP to the subcontractor's company network,"
It's not thought that any other documents such as passport copies were affected, which let's face it, is a ruddy relief.
Normally, during a password breach, we'd suggest changing your password, so we guess the best thing in this instance is that you change your car and get plastic surgery to change your face.
Yes, we're kidding, but it's a reminder about how serious a mugshot breach could be in the wrong hands, and the timebomb for that is ticking. μ
Hype for HyperThreading
Hey kids, leave them iPhones alone
The Mac lady sings
Babel in yo ear