US Customs leaks meta-data in leak announcement

US Customs revealed the name of a hacked subcontractor (presumably accidentally) in the title of a Word document:

A contractor for US Customs and Border Protection has been breached, leaking photos and other sensitive data, the agency announced on Monday. Initially described as “traveler photos,” many of the images seem to be pictures of traveler license plates, likely taken from cars at an automotive port of entry.

Customs has not named the contractor involved in the breach, but a Washington Post article noted that the announcement included a Word document with the name Perceptrics, a provider of automated license plate readers used at a number of southern ports of entry.

License plate photos compromised after Customs contractor breach

So they can’t secure the data. And they can’t secure the data announcing the failure to secure the data.

If you think the government can actually secure your data (or even their own hacking tools), you are fooling yourself.

Update: Customs and Border Patrol has suspended all contracts with this supplier as a result of the breach.