“The U.S. Customs and Border Protection agency failed to enforce basic security practices at a contractor that was hacked last year, exposing some 100,000 individual photos of travelers, a new inspector general report has found.”
“Some of the hacked images ended up on the dark web, but the entire episode ‘may damage the public’s trust in the government’s ability to safeguard biometric data,’ the Department of Homeland Security’s inspector general concluded in a report released Wednesday.”
“It’s an example of how, as federal immigration and security agencies increasingly draw on biometric data for their work, the stakes for protecting that data from hackers have grown.”
“The data collection was for a CBP pilot to use facial recognition to screen travelers at ports of entry. The project went awry when surveillance technology company Perceptics, a subcontractor, downloaded sensitive CBP data from an unencrypted device and transferred it to the company’s network, according to the inspector general probe. That violated DHS security requirements, but responsibility also lies with CBP, the watchdog said.”
“’Additional IT security controls in place during the pilot could have prevented Perceptics from violating contract clauses and using an unencrypted hard drive to access and download biometric images at the pilot site,’ the report states…” Read the full article here.
Source: IG finds data security practices lacking at Customs and Border Protection before big hack – By Sean Lyngaas, September 23, 2020. CyberScoop.