Last month it was revealed that digital photos of “fewer than 100,000” travellers and vehicle license plates, captured as they made their way through a border crossing, had been stolen by hackers from the network of a company subcontracting for the United States Customs and Border Protection (CBP).
That wasn’t good.
Then it was revealed that the company concerned, Perceptics, shouldn’t have had the data on its network in the first place and that it had been copied onto their systems without the knowledge or authorisation or the CBP.
That definitely wasn’t good.
And then it came to light that the hackers hadn’t just scarpered off with the CBP data, but also some 400 GB of other files from Peceptics’ network including databases, spreadsheets, HR records, business plans, financial figures, presnetations, personal information, and even some Spice Girls MP3s.
Oh dear oh dear.
How could things look any worse for Perceptics?
Well, as Drew Harwell at The Washington Post reports, the CBP has now suspended license plate-scanning company Perceptics from federal contracts:
The longtime maker of license-plate scanners and other surveillance equipment used along the U.S. border was suspended Tuesday from federal contracting by U.S. Customs and Border Protection officials, who cited “evidence of conduct indicating a lack of business honesty or integrity,” federal records show.
The rare punishment temporarily prevents the longtime contractor, Perceptics, from doing business with the federal government and could land the company on a years-long government blacklist.
There’s no mincing of words here. “Evidence of conduct indicating a lack of business honesty or integrity”. That’s pretty damning of Perceptics.
Talk about bad optics.
Make sure that you don’t have data you don’t need or shouldn’t have on your network, and ensure that you have a layered defence in place to reduce the chances that hackers are able to compromise your systems and steal sensitive information.
To hear more about this case, be sure to check out the episode of “Smashing Security” podcast we released earlier this month: