Hackers stole a US Customs and Border Patrol facial recognition database
Data from facial recognition scans performed by US Customs and Border Patrol on travelers crossing at an unnamed lander border point (an anonymous source says it’s a US-Canada crossing) have been stolen by hacker or hackers unknown.
The CBP doesn’t know how many records were leaked, but estimates the number at less than 100k. The CBP refused to state which contractor breached the data, but the memo it sent to the Washington Post about the breach was titled “CBP Perceptics Public Statement” and since Perceptics is a CBP contractor that does facial recognition (as well as license plate cameras and other forms of surveillance), it’s a good bet that Perceptics is the culprit – especially since Perceptics had hundreds of gigs of data breached and dumped last month by a person or persons going by “Boris the Bullet-Dodger” (it’s possible that the facial recognition database was part of that dump.
The CBP says the stolen facial recognition data isn’t circulating, so maybe it wasn’t part of the Boris the Bullet-Dodger dump, or maybe they’re just lying or incompetent (see above, re: a memo entitled “CBP Perceptics Public Statement”).
As Brian Barrett points out on Wired, the fact that this was a contractor breach shouldn’t make you feel any more secure – the most sensitive data being collected by US government agencies is being stored insecurely by grifty Beltway Bandits who are leaking it all over the fucking internet.
CBP collects tons of facial recognition data at border crossings, airports, etc, both overtly (by making you scan your face) and covertly (using CCTV footage to feed its databases).
You can always opt out by simply not having a face.