Border agency data breach exposes 1.38M licence plates

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Licence plate data breach overview: 

• Who: The Office of the Privacy Commissioner of Canada says that a total of 1.38 million licence plate images were exposed during a data breach on a third-party contractor for the Canada Border Services Agency. 
• Why: The OPC’s figure for the amount of licence plate images exposed is higher than the 9,000 figure Canada’s border agency originally told them had been compromised by bad actors. 
• Where: Canada. 

The federal privacy watchdog revealed that a data breach at a contractor for the Canada Border Services Agency led to the unauthorised access of up to 1.38 million licence plates and related information. 

The Office of the Privacy Commissioner of Canada (OPC) says it determined through its investigation that Canada’s border agency was inconsistent in the way it handled licence plate information and had a lack of security in place to protect it. 

“Our investigation found that the contract lacked clauses with respect to security safeguards, including for the protection and retention of personal information,” the OPC said. 

The OPC’s investigation began in 2019 after it was reported in the news that there had been a cyber attack on a third-party contractor based out of the United States that was used by both the U.S. and Canada’s border agency, reports The Canadian Press. 

Canada border agency contractor had systems breached through unpatched, decommissioned server

Bad actors were able to break into the third-party contractors’ systems through an unpatched and decommissioned server, where they were able to access, copy, and remove files from the network, before posting some of the data on the dark web, according to the OPC. 

Canada’s border agency told the privacy commissioner at the time that the breach had exposed around 9,000 licence plate photos of travellers crossing into Canada from the border crossing in Cornwall, Ontario, reports The Canadian Press. 

The actual amount would be determined to be significantly higher, according to the OPC’s investigation report. 

“While the bad actors had access to approximately 1.4 million images that were on the contractor’s network at the time of the breach, approximately 11,000 were confirmed to have been posted on the Dark Web,” the OPC said. 

Last month, StockX agreed to pay $130,000 in order to resolve claims the company failed to protect the personal information of consumers during a data breach in 2019. 

Was your licence plate exposed in the data breach? Let us know in the comments! 

Read About More Class Action Lawsuits & Class Action Settlements:

• Canadian government class action alleges 2020 data breach compromised personal information of thousands
• TJX recall announced for outdoor metal hanging chairs due to fall hazard
• DeWALT recall announced for 1.4M miter saws due to injury, laceration hazards
• NUK recall of First Choice glass baby bottles announced due to high lead content