A threat actor by the alias “Boris Bullet-Dodger” broke into the database of a company that provides license plate readers for the U.S. government to use at the Mexican border.
Tennessee-based Perceptics said Thursday it had been breached and that the attacker posted its contents on the dark web, according to The Register.
The attacker leaked 65,000 file names and accompanying directories including files that contained location data, zip codes, presumed government clients, dates, timestamps, image files and other sensitive data that amounted to hundreds of gigabytes of information.
A Perceptics spokesperson told the publication that it is alerting the customers who were affected and is working with authorities to investigate the incident. Panorays Director of Risk & Compliance Dov Goldman noted that there is a significant risk that commuters pay for the convenience of services that allow them to simply drive through tollbooths on roadways.
"The data breach at Perceptics, the largest manufacturer of license plate scanning systems, will force us to consider all the private data collected in this seemingly innocent transaction," Goldman said. "The colorfully named "Boris Bullet-Dodge" hacking group has gained access to much more than just our license plate numbers by penetrating this government contractor's information systems. Perceptics collects personal data for payment (credit card, bank account) and vehicle inspection status, not to mention exactly where we are at a given date and time."
Goldman went on to say that rigorous assessment should be carried out for each contractors cybersecurity and privacy capabilities which extends into continuous monitoring of these contractors and their data systems. Perceptics told SC Media they are aware of the breach, have notified their customers and that the investigation is ongoing.