Hackers Stole Border Agency Database Containing Photos of Plates and Travelers

Published on June 11, 2019
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

As the US Customs and Border Patrol (CBP) agency admitted, one of their technology contractors has been breached by a group of hackers, resulting in the leaking of thousands of images of traveler faces, vehicle license plates, internal communication emails, various types of documentation, blueprints, and even backups. The points that fed the particular databases seem to be checkpoints in Santa Teresa, Columbus, New Mexico, and the Hidalgo Port of Entry on the Texas-Mexico border. Although there have been no specific revelations about the extent of the breach, it is estimated that around 100000 people were compromised by the incident.

Although the CBP has declined to name the subcontractor that is responsible for the incident, the documents that have leaked point to Perceptics, a license plate reading technology developer. The first discovery of the dump was made by white hat hackers monitoring the darknet marketplaces. The sale became known on May 23, and CBP learned about it a week later, finally giving the order to secure the leaking system. CBP has told the public that the database was populated with data that was meant to be used for pilot programs, so they are playing down the importance of the hack and the contained information.

This incident works as the perfect example of the dangers of creating and maintaining humongous biometrics databases on borders. CBP is part of the Department of Homeland Security, which is an agency that is entrusted with the critical role of helping bolster cybersecurity in the US. As even them have failed to protect people’s data, no matter how unimportant or how little or whether this was a direct or indirect breach, the message given out to the public is that they cannot be trusted. Of course, this won’t stop agencies from creating biometric information logging databases for their border control system, and undoubtedly, they will do it legally.

As we have seen in the past, the CBP has failed to protect sensitive citizen data from going public due to mismanagement. US border agents were reported not to delete thumb drive data following an inspection, forgetting to disconnect critical devices from the internet, and a lot more. In Europe, the parliament has voted for the creation of a large biometric database to aid their checkpoint system, iBorderCtrl, so the situation there will also get risky for those who pass the borders. Hopefully, the authorities will manage and protect this information with greater responsibility in the future, although as long as this is in peoples’ hands, it will be hard to achieve perfection.

Do you believe that nations shouldn’t have the right to impose mandatory biometric database contributions, or is this critical for the safety of the people? Let us know where you stand in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: