One of the US’s most widely used vehicle license plate reader (LPR) companies, Perceptics, is reportedly investigating a data breach after news site The Register was sent files stolen from it last week.
The company is probably best known for designing the licence plate imaging systems used at the US border crossings with Mexico and Canada.
According to the site, a hacker using the identity “Boris Bullet-Dodger” claimed to have compromised the company, providing a list of 34 compressed directories amounting to hundreds of gigabytes and almost 65,000 files as evidence.
Some of them look like software development directories, covering file types such as .htm, .html, .txt, .doc, .asp, .tdb, .mdb, .json, .rtf, .xls, and .tif.
More concerning are the directories such as Platedatabase.rar and Plateworkbench.rar and image files the site speculates could be license plates captures.
Also among the files were MP3 files of songs by Stevie Wonder, the Spice Girls, AC/DC and Cat Stevens, which hints at the possibility that the data was taken from an individual’s computer rather than an exposed share.
The most recent directory has a data stamp of 17 May 2019, which not only underlines how recently data appears to have been pilfered but potentially makes it more up-to-date and therefore valuable.
According to The Register, Perceptics confirmed to it that some kind of data compromise had happened without offering further details.
What’s the concern?
The Register connects the Perceptics compromise and the Boris Bullet Dodger identity to the hack of CityComp earlier in May, which had its data released into the public domain after it refused to pay a ransom demand.
For Perceptics, the concern that some or all of this company data, including financial information, is now said to be circulating on the dark web.
For the public, the concern is that license plate or other sensitive data might have been compromised, although that possibility is speculation at this stage.
Unless some of this data relates to members of the public or customers, the company is unlikely to have to issue a wider alert and the incident will remain a private matter.
Breaches aren’t the only way such data can enter the public domain. In 2015 the Electronic Frontier Foundation (EFF) discovered that automated license plate readers used by police patrol cars in a list of US states were streaming live on the web.
anonymous coward
One can only hope that this happens so frequently that governments are forced to stop using this kind of tracking technology.