The company at the center of a major data breach last month has been found “preliminarily ineligible” to conduct business with the federal government pending a final decision, according to government contracting records published Tuesday.
The finding prohibits federal agencies from soliciting new offers and extending existing contracts with Perceptics LLC, a company that provides vehicle identification and license plate recognition technology for border security and other enforcement purposes. The company had been a contractor for Customs and Border Protection.
The company was found ineligible for federal contracting based “upon adequate evidence of conduct indicating a lack of business honesty or integrity, or a lack of business integrity” or other pending investigations, according to the records.
The Washington Post first reported on the federal suspension. Casey Self, a spokeswoman for Perceptics, defended the company’s record.
“Perceptics and its management categorically denies any illegal or unethical behavior, and we stand ready to meet to discuss this with the government in any setting and to demonstrate our support of the CBP mission,” she said. CNN has reached out to CBP for comment.
CNN reported last month that at least 50,000 American license plate numbers were made available on the dark web after the data breach, according to a CNN analysis of the hacked data. The company was never authorized to keep the information, the agency told CNN at the time.
“CBP does not authorize contractors to hold license plate data on non-CBP systems,” an agency spokesperson said.
In a statement when the breach was announced, CBP said it learned on May 31 that a subcontractor “had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. The subcontractor’s network was subsequently compromised by a malicious cyberattack.”
In addition to the license plate data, a CBP spokesperson said that photos of some travelers — fewer than 100,000 — had also been compromised.
The agency said at the time it had notified Congress and was working with law enforcement and cybersecurity entities to “determine the extent of the breach and the appropriate response.”