The suspension of a long-time government contractor following a security breach shows that the government intends to use the suspension/debarment process to investigate and perhaps punish contractors for cyber security failures. According to limited information in the Government’s System for Award Management (SAM), Perceptics, LLC was declared “Ineligible (Proceedings Pending)” on June 2, 2019 by the U.S. Customs and Border Protection (CBP).
According to news reports, a group called “Team Snatch” had access to Perceptics’s computer systems for over four months. Perceptics has provided the government with license plate scanners and other surveillance tools for over thirty years in critical entry points between the United States and Mexico. The group demanded a ransom payment from Perceptics, which Perceptics did not pay. Team Snatch then leaked Perceptics’s information to the “dark web” – a collection of websites on encrypted networks. According to the Washington Post, “the hack exposed detailed records about sensitive CBP contracts worth hundreds of millions of dollars and included precise details on the surveillance hardware used at massive ports of entry between the United States and Mexico.” Additionally, Team Snatch leaked unique license plates and photos of travelers. This information was then picked up and distributed to more people on the dark web by a group called “Distributed Denial of Secrets”.
To CNN, a CBP representative said, “CBP does not authorize contractors to hold license plate data on non-CBP systems.” Perceptics maintains it did not err in how it handled information and will have the opportunity to defend itself during suspension proceedings. However, the reputational and contractual losses alone must already be significant. According to other news reports, Perceptics is in danger of losing out on use of its technology for New York City’s congestion pricing that it recently pitched.
The incident is yet another example of the importance of comprehensive data privacy and cybersecurity plans. Berenzweig Leonard has helped companies take diligent protection steps ahead of time, while also being able to actively defend against threats.
Berenzweig Leonard is teaming up with Red Team Consulting for a monthly newsletter featuring reports on recent contract decisions, recent upcoming contracts, key protest decisions, events, and more. This post was published in the July 2019 newsletter. To sign up for our govcon newsletters, please click here.
Terry wishes to acknowledge the excellent research of Intern Alex Dondershine who contributed significantly to this blog.