DHS IG: Security practices lacking at CBP prior to contractor being hacked

“The U.S. Customs and Border Protection agency failed to enforce basic security practices at a contractor that was hacked last year, exposing some 100,000 individual photos of travelers, a new inspector general report has found.”

“Some of the hacked images ended up on the dark web, but the entire episode ‘may damage the public’s trust in the government’s ability to safeguard biometric data,’ the Department of Homeland Security’s inspector general concluded in a report released Wednesday.”

“It’s an example of how, as federal immigration and security agencies increasingly draw on biometric data for their work, the stakes for protecting that data from hackers have grown.”

“The data collection was for a CBP pilot to use facial recognition to screen travelers at ports of entry. The project went awry when surveillance technology company Perceptics, a subcontractor, downloaded sensitive CBP data from an unencrypted device and transferred it to the company’s network, according to the inspector general probe. That violated DHS security requirements, but responsibility also lies with CBP, the watchdog said.”

“’Additional IT security controls in place during the pilot could have prevented Perceptics from violating contract clauses and using an unencrypted hard drive to access and download biometric images at the pilot site,’ the report states…” Read the full article here.

Source: IG finds data security practices lacking at Customs and Border Protection before big hack – By Sean Lyngaas, September 23, 2020. CyberScoop.

0
Tags:

This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 4 weeks ago.

  • Author
    Posts
  • #108477

    Replies viewable by members only

    0

You must be logged in to reply to this topic.

CONTACT US

Questions?. Send us an email and we'll get back to you, asap.

Sending

©2020 G2Xchange all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541512, 
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?