Send news tips, story ideas and advertising questions to news@emporianews.com.

Emporia News is best read in LANDSCAPE view on Mobile Devices. Please rotate your phone or tablet.

Current Weather Conditions

 
Seven Day Forecast for Emporia, Virginia
 

Community Calendar Sponsored By...

 

WARNER RAISES QUESTIONS ABOUT CYBERSECURITY PRACTICES AMID BREACHES INVOLVING SENSITIVE BIOMETRIC DATA

~ Requests answers from U.S. Customs and Border Protection and Suprema HQ Inc. ~

 

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and former tech entrepreneur, wrote to U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate but alarming incidents that impacted both entities and exposed Americans’ personal, permanently identifiable data. In a letter to CBP, Sen. Warner inquired about the information security practices of CBP contractors, in light of a June cyberattack that resulted in the theft of tens of thousands of facial images belonging to U.S. travelers. In a separate letter, Sen. Warner requested more information from Suprema HQ, the company that owns web-based biometric lock system, Biostar 2, which experienced a cyber incident in August, resulting in the exposure of permanently identifiable biometric data belonging to at least one million people worldwide.
 
“While all of the stolen information was sensitive and required protection, facial image data is especially sensitive, since such permanent personal information cannot be replaced like a password or a license plate number,” wrote Sen. Warner to Acting CBP Commissioner Mark Morgan.  “It is absolutely critical that federal agencies and industry improve their track records, especially when handling and processing biometric data. Americans deserve to have their sensitive information secured, regardless of whether it is being handled by a first or a third-party.”
 
In June, CBP announced the theft of at least 100,000 traveler ID photos from a CBP subcontractor that had improperly transferred copies of these photos from CBP servers to its own company database. In addition to facial images, the cyberattack resulted in the theft of several gigabytes of data, including license plate photos, confidential agreements, hardware blueprints for security systems, and budget spreadsheets.
 
In the letter to CBP, Sen. Warner expressed alarm regarding the failure of federal agencies to ensure that Americans’ sensitive information is safe in the hands of contractors. He also asked CBP to provide timely answers to a series of questions regarding the information security practices of CBP contractors and subcontractors. Among these questions, Sen. Warner requested details on CBP’s third-party contractual requirements concerning database encryption, biometric data management, vulnerability management, logging data retention, and identity and access management, among other security measures.
 
Similarly, in his letter to Suprema HQ, Sen. Warner raised concerns about the Biostar 2 incident, which exposed permanently identifiable biometric data, including user photos.
 
“Unlike passwords, email addresses and phone numbers, biometric information in voices, fingerprints, and eyes are unique data that are impossible to reset. Biometric data can be used effectively for unauthorized surveillance and access to secure facilities, to steal identities, and is even valuable in developing deepfake technologies,” wrote Sen. Warner to Suprema HQ CEO James Lee. “It is my understanding that your customers use your biometric security system to provide access to secure facilities, and that the product has also been integrated into Nedap’s AEOS access control systems, which are used by at least 5,700 organizations in 83 countries, including banks and foreign law enforcement entities.  Given the sensitivity of this information, it is absolutely critical that companies like yours exercise exceptional due care when collecting and securing biometric information, and when contracting with customers that collect permanent personal information.”
 
The Biostar 2 breach resulted in the online exposure of more than one million fingerprint records, in addition to user images, personal details, usernames and passwords, and employee security clearances. The breach also revealed that large portions of the Biostar 2 database were unprotected and unencrypted. In the letter, Sen. Warner asked Suprema HQ to list which U.S. businesses are served by the company. He also requested more information on the company’s practices regarding server security, biometric data storage security, and database encryption.
 
Sen. Warner has been a champion for cybersecurity throughout his career, and has been an outspoken critic of poor cybersecurity practices that compromise Americans’ personal information. In May, Sen. Warner introduced bold legislation to hold credit reporting agencies accountable for data breaches. He also introduced legislation earlier this year to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.

Emporia News

Stories on Emporianews.com are be searchable, using the box above. All new stories will be tagged with the date (format YYYY-M-D or 2013-1-1) and the names of persons, places, institutions, etc. mentioned in the article. This database feature will make it easier for those people wishing to find and re-read an article.  For anyone wishing to view previous day's pages, you may click on the "Previous Day's Pages" link in the menu at the top of the page, or search by date (YYYY-M-D format) using the box above.

Comment Policy:  When an article or poll is open for comments feel free to leave one.  Please remember to be respectful when you comment (no foul or hateful language, no racial slurs, etc) and keep our comments safe for work and children. Comments are moderated and comments that contain explicit or hateful words will be deleted.  IP addresses are tracked for comments. 

EmporiaNews.com serves Emporia and Greensville County, Virginia and the surrounding area
and is provided as a community service by the Advertisers and Sponsors.
All material on EmporiaNews.com is copyright 2005-2019
EmporiaNews.com is powered by Drupal and based on the ThemeBrain Sirate Theme.

Submit Your Story!

Emporia News welcomes your submissions!  You may submit articles, announcements, school or sports information or community calendar events via e-mail on news@emporianews.com. 

Contact us at news@emporianews.com
 
EmporiaNews.com is hosted as a community Service by Telpage.  Visit their website at www.telpage.net or call (434)634-5100 (NOTICE: Telpage cannot help you with questions about Emporia New nor does Teplage have any input the content of Emporia News.  Please use the e-mail address above if you have any questions, comments or concerns about the content on Emporia News.)