Sen. Mark Warner, D-Va., wants to know more about the security practices U.S. Customs and Border Protection has in place for third-party vendors, three months after a cyberattack on a CBP subcontractor resulted in the theft of tens of thousands of travelers’ biometric data.
In a Sept. 16 letter to acting CBP Commissioner Mark Morgan, Warner asked for answers to eight questions regarding the agency’s access management requirements, encryption standards and security evaluation policies, along with several other practices.
Warner wrote that he was “alarmed” about security breach on a subcontractor reported by CBP June 10 working on the U.S.-Mexico border. CBP found that the subcontractor had illegally transferred a CBP database to their network. The breach exposed facial and license plate photos. Subsequent reporting by the Washington Post suggested that gigabytes of other data was also stolen, like budget spreadsheets and confidential agreements.
CBP said at the time that the breach impacted less than 100,000 people. At a congressional hearing in front of the House Homeland Security Committee July 10, John Wagner, deputy executive assistant commissioner at CBP, testified that subcontractor was working on a pilot program and was not directly connected to the Department of Homeland Security’s network.
Warner stressed in his letter that the breach had significant ramifications. more