Canada’s federal privacy commissioner has launched an investigation into the Canada Border Services Agency (CBSA), after the license plate reader system it uses was compromised months ago by a cyberattack.
The Perceptics plate reading system used by the CBSA was the very same system employed by US Customs and Border Protection, which came under attack last May by a hacker. The cyberattacker not only managed to breach Perceptics’ internal data, but also leaked the information on a dark website.
The compromised data leaked by the attacker included Perceptics’ payroll information, travel receipts, non-disclosure agreements and customs declarations
Because both border security agencies were using the same system, the Office of the Privacy Commissioner is checking if the attack also somehow affected Canadian records.
“Our office has continued to engage with CBSA and has initiated an investigation into the breach with respect to CBSA records,” a spokesperson for the privacy commissioner told CBC News in an email statement.
The spokesperson would not provide any more details about the investigation due to confidentiality provisions in the Privacy Act.
CBSA is also conducting its own internal investigation to determine if any of its data was stolen.
“The Canada Border Services Agency has received an investigation notice from the Office of the Privacy Commissioner related to the Perceptics cyberattack and we are committed to working with them throughout their investigation,” a CBSA spokesperson confirmed in a statement.
CBSA also mentioned that Public Services and Procurement Canada had reviewed Perceptics’ Canadian contract, later informing the border security agency that the vendor complied with all the terms.
The federal government has issued numerous contracts to Perceptics for its license plate reader and radio frequency identification services – which cost over $21 million in total.
CBC News reported that the CBSA still utilizes Perceptics’ plate reader system.