A group of cybersecurity researchers has reported a massive security breach at one of England’s high-end traffic system called automatic number-plate recognition (ANPR). Over 8.6 million individual car licenses and travels have been leaked online. The cause of the major breach has not yet been identified. If you’re one of the cars involved, is there something you should worry about?
Breach! 8.6 million individual cars exposed in England’s camera traffic database
As reported via Daily Mail UK, England’s high-end technology in traffic control has recently been compromised– causing over 8.6 million car licenses and travels to be exposed online.
The traffic system called automatic number-plate recognition (ANPR) holds a database of all individual license plates, time of day, and intersection location from 100 different cameras placed around the city of Sheffield, England.
The system automatically records all info through their traffic cameras to track all the vehicles coming in and out of the city. This means that every vehicle that crossed the city have their info saved on the said records. Unfortunately, the same database had said to experience a recent massive breach, and all info are now available to be accessed online.
How did this happen?
As explained by security specialist Chris Kubecka and writer Gerard Janssen, the said security system of the city was first implemented in 2014 but first recorded car info since 2018. An estimated number of 21,000 entries were saved on the said system every single day. In total, it has over 8.6 million car licenses and travels for the past two years.
Using Censys.io, a tool that analyzes web hosts for potential security flaws, the team of researchers found out about the breach. Worse, the database is now said to be available online without any need for passwords or authentication processes.
There’s nothing to worry about
Eugene Walker, Sheffield’s executive director of resources, is shocked when he first heard about the said breach. The department admits that the breach was totally unacceptable for the owners of the vehicles. However, they clarified that no individuals had been harmed or ‘suffered any detrimental effects’ because of the breach.
“We take joint responsibility for working to address this data breach,” Walker said in a statement with David Hartley, assistant chief constable of the South Yorkshire Police. “It is not an acceptable thing to have occurred.”
The breach shows how surveillance cameras don’t have enough security
Edin Omanovic of Privacy International, a non-profit that advocates for improved data security, has revealed on the report that this is not shocking news regarding security cameras. He even insisted that the breach showed how surveillance cameras can be easily hacked and used online– if hackers want to.
“Time and again we’ve seen the introduction of surveillance tech for very specific purposes, only to creep into other areas of enforcement. ANPR use must be proportionate to the problem it’s trying to address – it’s not supposed to be a tool of mass surveillance,” said Omanovic. “Both the council and police have a responsibility to ensure their use is proportionate and subject to a data protection impact assessment.”