Breach Brief – U.S. Customs and Border Protection, Evite
A third party contractor, in violation of contractual agreements, moved license plate and face image data to their own network where hackers stole it.
US Customs and Border Protection (CBP) admitted to a data breach that was discovered on May 31st. The agency is describing the breach as a “malicious cyber attack.” The sub-contractor has not been pubicly identified.
The CBP issued a statement saying, “CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract.”
According to CBP, none of the stolen data has appeared on the dark web but cautioned that the data may be being traded on closed forums.
Unfortunately for the public they have almost no rights in regards to this data breach.
“Unless a traveler can prove that they have been harmed somehow by the disclosure of their information and location at a border or airport there is very little anyone can do once their information has been stolen, and then often made available on the dark web. U.S. Courts have been reluctant to award damages absent a showing of specific and concrete harm,” he argued.
A group of hackers calling themselves “Gnosticplayers” have put as many as ten million Evite customer’s data up for sale on the dark web.
According to ZDNet, Evite was not the only compnay hit by the hacker group. Gnosticplayers also stole and offeerd up for sale data from five other companies. They include Canva, 500px, ShareThis, UnderArmor, GyfCat and others.
Gnosticplayers claim they are in possession of ten million Evite user records. The information includes users’ full names, IP addresses, email addresses and cleartext passwords. The hackers are demanding $1,900 worth of bitcoins for 10 million Evite user records.
Admitting to the hack Evite confirmed the breach took place in February. The company believes that cybercriminals accessed a file containing user records dating back to 2013. According the Evite the file contained user names, email addresses, passwords, dates of birth, phone numbers and mailing addresses that could have been “potentially affected” by the breach.
Evite stated that users’ social security numbers and financial data was not compromised by the breach since the firm does not collect or store financial data.