Hack of CBP subcontractor exposes traveler photos, license plates

The hack happened after the unnamed subcontractor had transferred copies of the images to its own network, U.S. Customs and Border Protection said.
(U.S. Customs and Border Protection / Flickr)

This report first appeared on

U.S. Customs and Border Protection said Monday that one of its subcontractors had been breached in a “malicious cyberattack,” compromising an unspecified number of images of travelers and license plates.

The hackers struck after the unnamed subcontractor transferred copies of the images collected by CBP to the subcontractor’s network, the Department of Homeland Security agency said in a statement.


“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” a CBP spokesperson said, adding that the breached data had yet to show up on the dark web or public internet.

In an updated statement Monday night, a CBP official said the compromised traveler images appeared to involve less than 100,000 people. “[P]hotographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5-month period,” the official said. “No other identifying information was included with the images.”

CBP, which learned about the hack on May 31, has told members of Congress about the breach and is working with law enforcement agencies and “cybersecurity entities” to investigate, the spokesperson said.

While CBP did not identify the hacked subcontractor, the statement it emailed to The Washington Post included “Perceptics” in the title. Tennessee-based Perceptics, which provides license-plate-scanning services for CBP, was the victim of a hack and had its data posted to the dark web, The Register reported last month. It is unclear if that is the same breach announced by CBP on Monday.

Perceptics could not be immediately reached for comment.



Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts