What was stolen:
> The compromised photos were taken of travelers in vehicles coming in and out of the US through specific lanes at a single Port of Entry over a one and a half months period.
What wasn't stolen:
>No other identifying information was included with the photos and no passport or other travel document photos were compromised, the official said. Images of airline passengers from the air entry and exit process were also not involved.
Sounds like CBP's issue was less about compartmentalizing, more about controlling for how the subcontractor accessed the data.
Honestly the problem sounds more like something borne from ignorance than malice. It's a headache having to download every image you have to analyze, so why not copy the whole thing to a local network drive and work with it here? And then some hacker lifted it from the local network drive.
Anyway I wasn't talking about the CBP specifically. I was responding to the question about why decentralization saves you from compromise. My response was that compartmentalization is useful for damage control.