The federal privacy watchdog says a data breach at a contractor for Canada's border agency involved as many as 1.38 million licence plate images.
In a report released today detailing its investigation, the privacy commissioner's office cites inconsistencies in the way the Canada Border Services Agency managed licence plate information and a lack of security measures.
The watchdog began its probe following 2019 media reports of a cyberattack on a U.S.-based third-party contractor used by both the Canadian border agency and its U.S. counterpart.
At the time, Canada's border agency told the privacy commissioner the breach included approximately 9,000 photos of licence plates collected from travellers entering Canada at the Cornwall, Ont., border crossing.
The investigation revealed the number of Canadian border agency licence plate image files compromised in the breach was much higher — up to 1.38 million, including duplicates.
The report says that of those, about 11,000 were posted on the dark web — the shadowy, underground reaches of the internet.