June 14, 2019

Senator Markey Demands Answers After Customs and Border Protection Data Breach

According to CBP, a recent breach of license plate and facial images affected up to 100,000 individuals

Washington (June 14, 2019) – Senator Edward J. Markey (D-Mass.), top Democrat on the Security Subcommittee of the Commerce, Science, and Transportation Committee, today wrote to the Department of Homeland Security (DHS) demanding answers regarding the breach of traveler and vehicle images at U.S. Customs and Border Protection (CBP). According to a CBP statement, up to 100,000 individuals were affected by the recent theft of images of license plates and travelers’ faces, which were stolen from a CBP subcontractor. The photos were captured over a period of a month and half at a land border crossing and were held on the subcontractor’s own servers.

“Data breaches of any kind are alarming, but one of this magnitude that includes this type of personal data carries with it an even greater cause for concern,” writes Senator Markey in his letter to Acting Secretary Keven McAleenan. “I have previously written to you with questions about the collection of biometric data. Those questions were driven by my concerns about both government overreach into individuals’ zones of privacy and the possible targeting of that data by a variety of actors with bad intent. Both of those concerns are again implicated here.”

A copy of the letter can be found HERE.

In his letter, Senator Markey requests answers to questions that include:

How many images were breached? Please specify how many of these images were of individuals’ faces, how many were of license plates, and how many were of other subjects.
Were the facial images exposed in this breach exclusively collected via biometric or license plate analysis tools, or did they also include images from personal documents such as personal ID cards?
Were the breached images in this episode linked to other pieces of personally identifiable information?
Will DHS pause its deployment of any facial recognition and license plate analysis technology until it is able to ensure that any collected data is secure from abuse or hack? If not, why not?
Will DHS commit to notifying every individual whose information was compromised as a result of this data breach? If not, why not?
Does DHS have reason to believe that this attack was perpetrated by or in coordination with a foreign adversary?
Does DHS have reason to believe that this attack was perpetrated in order to extract a ransom from the subcontractor?
Has DHS coordinated with the Federal Bureau of Investigation or any other federal agency in response to this attack?

In December 2017 and again in May 2018, Senators Markey and Mike Lee (R-Utah) previously raised questions regarding the use of biometric facial recognition software, calling for formal rulemaking from the Department of Homeland Security.

###