CBP suspends Perceptics from doing government business following data breach

U.S. Customs and Border Protection officials suspended Perceptics, the provider of license-plate scanners and other surveillance technology, from federal contracting following a data breach that exposed travelers’ information, according to federal records first obtained by the Washington Post.

CBP last month said one of its subcontractors, later identified as Perceptics, was breached in a “malicious cyberattack” that resulted in images of travelers’ faces, license plates, contracting documents and other data being made publicly available on the internet. Now, the Post reports, CBP has taken the rare step of punishing a federal contractor, citing “evidence of conduct indicating a lack of business honesty or integrity.”

As a result, Perceptics is prohibited from doing business with the government, a punishment that could last for years if the company is placed on a government blacklist.

CBP said on June 12 that a subcontractor had violated government policy by transferring images of license plates and traveler’s to the subcontractor’s corporate network. Then, hackers infiltrated that network in a breach that affected fewer than 100,000 people who entered and exited the U.S. in a vehicle through a specific lane at one border stop over a nearly two-month period.

“If the government collects sensitive information about Americans, it is responsible for protecting it – and that’s just as true if it contracts with a private company,” Sen. Ron Wyden, D-Ore., said at the time.

Customs and Border officials were collecting facial scans as part of an expansion of facial recognition at border checkpoints.