After a cyberattack on a Customs and Border Protection subcontractor resulted in the theft of tens of thousands of travelers’ biometric data, Sen. Mark Warner (D-VA) has written to CBP Commissioner Mark Morgan for more information about the security practices CBP has in place for third-party vendors.
The subcontractor had illegally transferred a CBP database to their network, exposing facial and license plate photos. Warner posed eight questions regarding the agency’s access management requirements, encryption standards, and security evaluation policies, along with several other practices. “While all of the stolen information was sensitive and required protection, facial image data is especially sensitive, since such permanent personal information cannot be replaced like a password or a license plate number,” he wrote.