The biggest cybersecurity crises of 2019 so far
Six months of 2019 are on the books already, and there have certainly been six months' worth of data breaches, supply chain manipulations, state-backed hacking campaigns, and harbingers of cyberwar to show for it. But the hallmark of 2019, perhaps, is feeling like the worst is yet to come. Ransomware is an ever-growing threat, corporate and US government security is still a mess, and geopolitical tensions are rising worldwide.
Before we see what the future holds, though, let us recap some of the major cybersecurity incidents that have cropped up so far this year.
In May, a surveillance contractor for US Customs and Border Protection suffered a breach, and hackers stole photos of travellers and license plates related to about 100,000 people. The Tennessee-based contractor, a long time CBP affiliate known as Perceptics, also lost detailed information about its surveillance hardware and how CBP implements it at multiple US ports of entry. The Perceptics breach was first reported by The Register, and CBP officials later disclosed the incident to The Washington Post. Though CBP was hesitant at first to admit that Perceptics was the contractor that had suffered the breach, the agency sent a Microsoft Word document to the Post titled "CBP Perceptics Public Statement" in its initial response. Days later, posted the stolen Perceptics data to the dark web. On Tuesday, CBP suspended Perceptics from federal contracting, though it did not say why.
CBP has spent the past two decades ramping up its use of border surveillance technologies, and there appears to be no end in sight. For example, the agency wants facial recognition scans to be standard in the top 20 US airports by 2021. But civil rights and privacy advocates say that these aggressive initiatives pose a danger to US citizens and the global community in general. The Perceptics incident is seen as a clear example of those risks. As Jeramie Scott, senior counsel at the Electronic Privacy Information Center, told WIRED in June, "The agency simply should not collect this sensitive personal information if it cannot safeguard it."