On July 21, 2021, the Customs and Border Protection (CBP) announced that data security vulnerabilities identified within their Mobile Passport Control application put over 10 million travelers’ personal identifiable information (PII) at risk between July 2017 and December 2019, according to an audit conducted by the U.S. Department of Homeland Security’s (DHS) Office of the Inspector General.
The CBP failed to scan the Mobile Passport Control application for data security vulnerabilities, to perform data privacy compliance reviews, and to properly manage the application’s system configuration.