The Canada Border Service Agency is still using the licence plate reader linked to a US hack earlier this year
The CBSA is still using Perceptics’ licence plate reader equipment, despite the company having fallen victim to a cyberattack in the US.
The Canada Border Service Agency (CBSA) claims disclosing where it uses Perceptics’ technology would “jeopardize its operations”.
The attack meant that photos of travellers and licence plates collected for the US Customs and Border Protection (CBP) had been exposed in a data breach.
The CBSA uses the same licence plate reader technology employed by the CBP, and is undertaking a review to see if the data breach involved Canadian citizens and affected the CBSA’s operations.
In an email to CBC News, Canada Border Service Agency spokesperson, Nicholas Dorion, said: “The CBSA remains in contact with Perceptics on a daily basis to get updates on recent events and their actions on how they are addressing it.
“At this time, the CBSA continues to utilize the Perceptics licence plate reader equipment. While we continue to work towards a full forensic investigation, the vendor has implemented measures to prevent re-occurrence of a similar breach and will continue to adjust its security protocols as necessary.”
The US Customs and Border Protection were quick to downplay last month’s data breach, saying that less than 100,000 photos had been exposed and that none of the files had been uploaded to the Internet.
However, The Register was contacted by someone using the pseudonym ‘Boris Bullet-Dodger’ with a link to the hacked files, which were available on the dark web.
CBC News reported that the large cache of data includes internal Perceptics files such as payroll information, travel receipts, non-disclosure agreements and customs declarations and also contains information on their competitors and even several music playlists.
The posted files also name a number of Perceptics’ past and present clients, who have Canadian ties.