WASHINGTON — Senator Mark Warner wrote letters to the U.S. Customs and Border Protection and South Korean company Suprema HQ after separate but alarming incidents exposed Americans’ personal, permanently identifiable data.
In the letter to the U.S. Customs and Border Protection, Sen. Warner asked about the information security practices of CBP contractors, in light of a June cyberattack that resulted in the theft of tens of thousands of facial images belonging to U.S. travelers.
In June, CBP announced the theft of at least 100,000 traveler ID photos from a U.S. Customs and Border Protection subcontractor that had improperly transferred copies of these photos from the agency servers to its own company database.
On top of the facial images, the cyber attack resulted in the theft of several gigabytes of data which included license plate photos, confidential agreements, hardware blueprints for security systems, and budget spreadsheets.
“While all of the stolen information was sensitive and required protection, facial image data is especially sensitive, since such permanent personal information cannot be replaced like a password or a license plate number,” wrote Sen. Warner to Acting CBP Commissioner Mark Morgan. “It is absolutely critical that federal agencies and industry improve their track records, especially when handling and processing biometric data. Americans deserve to have their sensitive information secured, regardless of whether it is being handled by a first or a third-party.”
RELATED: Virginia leaders react to Pentagon using $3.6 billion in military construction to the border wall
The letter to the U.S. Customs and Border Protection:
In a separate letter, Sen. Warner requested more information from Suprema HQ, the company that owns web-based biometric lock system, Biostar 2, which experienced a cyber incident in August, resulting in the exposure of permanently identifiable biometric data belonging to at least one million people worldwide.
Similarly, in his letter to Suprema HQ, Sen. Warner raised concerns about the Biostar 2 incident, which exposed permanently identifiable biometric data, including user photos.
The Biostar 2 breach resulted in the online exposure of more than one million fingerprint records, in addition to user images, personal details, usernames and passwords, and employee security clearances.
The letter from Sen. Warner to Suprema HQ: