rslade
Influencer II

It's not our fault that we lost that massive database of private information--we outsourced it!

The US Customs and Border Protection announced Monday photos of travelers and license plates were recently compromised in a data breach. A subcontractor "had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network. The subcontractor's network was subsequently compromised by a malicious cyber-attack."

 

So we have no need to fear the attempts by the government to collect even more data on everyone.

 

(And, once again, if you have nothing to hide, you have nothing to fear from the giant surveillance apparatus that the government is hiding from you ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
5 Replies
Flyslinger2
Community Champion

"CBP said its own systems had not been compromised, and the agency writes that, as of Monday, 'none of the image data has been identified on the Dark Web or internet.'"

 

Really?

 

They still own that data because they collected it.  They ARE compromised because they don't have the proper oversight in place to ensure that their subs are secure.

 

Typical government response in that they are not willing to take ownership of a problem they created.

emb021
Advocate I

Hence the growing need for vendor risk management.

 

With healthcare, this is somewhat understood with the idea of business associate agreements.  Elsewhere, it's hit or miss.

 

Thing that is frustrating is it's all over the board as to what companies do and what they use to do it.

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
dcontesti
Community Champion

I am wondering if this will be reported according to the law (at least since Nov. 2018) to the Canadian Privacy Commissioner along with them notifying every affected person (in the event there is risk of harm to them)?

 

Of course with all laws there is wiggle room.....they used "significant harm" in the law.....

 

So apparently CBP doesn't want to name the subcontractor who had the breach.  Just wondering if they will report to the Privacy Commissioner?


A little birdie keeps mentioning a subcontractor by the name of Perceptics being involved.

 

So since I cross the border frequently and I knew that both my photo and my car plate were being captured, will someone notify me that that information is now out there?????

 

I imagine that I will hear nothing or maybe a cricket but I would love to know if the Privacy Commissioner gets a report.


Regards

 

d

AppDefects
Community Champion

Why would the Office of the Privacy Commissioner of Canada be involved with investigating a database breach in the USA unless they received an official complaint? Maybe someone will call the USA on that practice. The larger question is why does the US CBP really want to know who is going over the Whirlpool bridge and how much time they are spending at the Buffalo outlet malls? 

dcontesti
Community Champion

My data as a Canadian is housed in that database.  As I enter the US, a photo of my license plate and my picture are taken.  This gives the Border patrols information on when I entered the US and the Canadian Border Services uses this information when I leave as they once again take snapshots and vice versa.

 

From PIPEDA:

 

Report to Commissioner

  • 10.1 (1) An organization shall report to the Commissioner any breach of security safeguards involving personal information under its control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.

 

The Privacy Act

The Privacy Act relates to a person’s right to access and correct personal information that the Government of Canada holds about them. The Act also applies to the Government’s collection, use and disclosure of personal information in the course of providing services such as:

  • old age security pensions
  • employment insurance
  • border security
  • federal policing and public safety
  • tax collection and refunds.

The Privacy Act only applies to federal government institutions listed in the Privacy Act Schedule of Institutions. It applies to all of the personal information that the federal government collects, uses, and discloses. This includes personal information about federal employees.

 

As to why they want to know how much time you spend at the Buffalo outlet malls, it is related to the DUTY they can collect from you.  If you are only in the states for 4 hours and buy $200 worth of stuff, they are more than happy to collect the Duty as well as the taxes.