SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Experts comment on US Customs data breach
Wed, 12th Jun 2019

The United States Customs and Border Protection agency has been responsible for the leaking of tens of thousands of images of travellers and license plates.

The CBP emailed a statement to journalists saying that a federal subcontractor had transferred copies of the images to its network.

The agency said this was done without its knowledge and in violation of the contract.

The subcontractor was subsequently hacked. The leaked data was a collection of images of drivers' photo identifications and license plates of vehicles crossing through one port of entry over a six-week period.

The CBP said that none of its systems were compromised.

In the statement, the CBP said none of the image data has been identified on the dark web or internet.

“CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident.”

The agency said it has removed all equipment related to the breach from service and is closely monitoring all CBP work by the subcontractor, which it continues to work with.

“CBP requires that all contractors and service providers maintain appropriate data integrity and cybersecurity controls and follow all incident response notification and remediation procedures.”

Here is what cybersecurity experts had to say about the breach:

BlackFog CEO and founder Darren Williams

Nobody is safe from cyberattack – not even US government agencies.

With this latest data breach targeting travellers' sensitive and personal information, it's clear that organisations need to improve their cybersecurity practices.

In particular, the risks that third-party subcontractors pose to cybersecurity practices are increasingly evident.

The emphasis on protecting consumer data needs to not only be woven through an organisation's culture, but also in all of its contractor relationships.

This means having honest conversations at the outset of procurement to conduct due diligence on a contractor's cybersecurity protocols.

Just as a business would credit check potential suppliers to ensure they have the necessary cashflow, organisations need to get suppliers to validate they have strong perimeter defence, data loss prevention measures, and preventative cybersecurity approaches in place, to avoid breaches like this from continuing to happen.

Proofpoint threat research and detection senior director Sherrod DeGrippo

It is critical that organisations prioritise the security and access controls of their vendors, providers, and partners.

These groups regularly handle sensitive data and must be examined by organisations thoroughly as they have the same culpability as the organisation itself.

We recommend that organisations review subcontractors and other providers' data security posture as if it were their own.

Additionally, organisations can develop threat profiles that highlight areas of risk across verticals and implement a proactive people-centric security approach that mitigates each threat appropriately.