DHS Report Blames Poor CBP Security Practices for 2019 Biometric Data Breach

According to a report from the Department of Homeland Security (DHS) Inspector General, poor security practices on behalf of U.S. Customs and Border Protection (CBP) were at fault for a subcontractor being in possession of nearly 200,000 facial images and 50,000 license plate numbers that were later stolen during a security breach.

IG Report Blames Poor CBP Security Practices for 2019 Biometric Data Breach

The subcontractor in question, Perceptics, LLC, partnered with CBP for a 2019 facial recognition pilot project across multiple land border locations. At a test site in Anzalduas, Texas, Perceptics gained unauthorized access to the biometric data collected by CBP and transferred it via unencrypted USB drive to the company’s head office in Knoxville, Tennessee.

Of the approximately 184,000 images that were compromised, the DHS Inspector General says that at least 19 of them were posted to the dark web, along with roughly 50,000 American license plate numbers.

For its part, CBP claims that the actions of Perceptics and its employees were carried out without its knowledge or consent, and were in fact violations of existing security and privacy protocols. The Inspector General, however, concluded that the subcontractor should never have been able to gain access to the data, and that CBP “did not adequately safeguard” it, and that its security practices were “inadequate to prevent the subcontractor’s actions.”

CBP’s use of biometrics for border crossings has been growing steadily over the past several years, with its Global Entry program having been streamlined earlier this year to allow passengers that submit to facial scans to skip passport and fingerprint scans altogether.

The report also expressed concerns over the public’s already suspect faith in the government’s facial recognition endeavours, saying that “[t]his incident may damage the public’s trust in the Government’s ability to safeguard biometric data and may result in travelers’ reluctance to permit DHS to capture and use their biometrics at U.S. ports of entry.”

Both CBP and Perceptics did not respond to CNN — which reported on the initial data breach last year — when asked to comment on the findings of the DHS report.

Source: KNBR

–

September 24, 2020 – by Tony Bitzionis

Related News

Sponsored Links

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases.

Learn more: www.tech5.ai

Onfido is building the new identity standard for the internet.Our AI-based technology assesses whether a user’s government-issued ID is genuine or fraudulent, and then compares it against their facial biometrics. That’s how we give companies like Revolut, Zipcar and Bitstamp the assurance they need to onboard customers remotely and securely. Our mission is to create a more open world, where identity is the key to access.. For more information, please visit www.onfido.com

ThreatMark brings trust to the digital world by providing cutting-edge fraud prevention solutions. Major banks use ThreatMark’s AI-powered technology and behavioral biometrics to build secured banking experience to precisely verify their legitimate users, seamlessly across all digital channels. All while securing the users’ most precious assets and keeping the fraudsters away. Learn more: www.threatmark.com/

With its secunet border gears product portfolio and specialised consulting expertise, secunet supports police forces and security authorities in their sovereign tasks. Whether ABC gates, self-service kiosks or biometric middleware – each component helps to strengthen identity protection and to accelerate verification – in mobile and stationary scenarios.

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Related News

Footer

Follow Us