Preceptics, a company that provides license plate readers, license plate recognition systems and vehicle identification products has been hacked and the consumer information gleaned from that hack is being offered on the Dark Web for free.
— Sarah Marville, SHRM-CP (@sarahmarville) May 28, 2019
Dov Goldman, Director of Risk & Compliance at Panorays:
“When we drive through an electronic toll gate, we’re happy that our license plate is scanned and the toll is charged to our credit card. Most likely, we don’t think about the privacy implications of this great convenience. The data breach at Perceptics, the largest manufacturer of license plate scanning systems, will force us to consider all the private data collected in this seemingly innocent transaction. The colorfully named “Boris Bullet-Dodge” hacking group has gained access to much more than just our license plate numbers by penetrating this government contractor’s information systems. Perceptics collects personal data for payment (credit card, bank account) and vehicle inspection status, not to mention exactly where we are at a given date and time. Responsible government procurement and outsourcing depends on rigorous assessment of each contractor’s information security and privacy capabilities. It goes way beyond determining the level of their cybersecurity policies and procedures, which should be standard operating procedure for any procurement process, before a contract is awarded. It must extend to the continuous monitoring of these contractors and their data systems, without which it’s impossible to safeguard citizens’ privacy and the security of their personal data.”