Breach Brief – U.S. Customs and Border Protection, Evite

Published On June 13, 2019 | By Tom Huskerson | Breach Briefs

A third party contractor, in violation of contractual agreements, moved license plate and face image data to their own network where hackers stole it.

US Customs and Border Protection (CBP) admitted to a data breach that was discovered on May 31st. The agency is describing the breach as a “malicious cyber attack.” The sub-contractor has not been pubicly identified.

The CBP issued a statement saying, “CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract.”

According to CBP, none of the stolen data has appeared on the dark web but cautioned that the data may be being traded on closed forums.

Unfortunately for the public they have almost no rights in regards to this data breach.

Even with the powerful new California privacy law Robert Cattanach, a partner at the international law firm Dorsey & Whitney, explained that consumer rights in this area are limited.

“Unless a traveler can prove that they have been harmed somehow by the disclosure of their information and location at a border or airport there is very little anyone can do once their information has been stolen, and then often made available on the dark web. U.S. Courts have been reluctant to award damages absent a showing of specific and concrete harm,” he argued.

Evite

A group of hackers calling themselves “Gnosticplayers” have put as many as ten million Evite customer’s data up for sale on the dark web.

According to ZDNet, Evite was not the only compnay hit by the hacker group. Gnosticplayers also stole and offeerd up for sale data from five other companies. They include Canva, 500px, ShareThis, UnderArmor, GyfCat and others.

Gnosticplayers claim they are in possession of ten million Evite user records. The information includes users’ full names, IP addresses, email addresses and cleartext passwords. The hackers are demanding $1,900 worth of bitcoins for 10 million Evite user records.

Admitting to the hack Evite confirmed the breach took place in February. The company believes that cybercriminals accessed a file containing user records dating back to 2013. According the Evite the file contained user names, email addresses, passwords, dates of birth, phone numbers and mailing addresses that could have been “potentially affected” by the breach.

Evite stated that users’ social security numbers and financial data was not compromised by the breach since the firm does not collect or store financial data.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *