United States Customs and Border Protection (CBP) has revealed that photos of travelers coming into and out of the country were stolen in a cyberattack in May.
“In violation of CBP policies and without CBP’s authorization or knowledge, [a subcontractor] transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” CBP said in an emailed statement, according to CNet. “The subcontractor’s network was subsequently compromised by a malicious cyberattack.”
The agency, which learned of the breach on May 31, added that none of the images have been identified on the internet or on the dark web, but didn’t reveal how many people were impacted or how many images were stolen. None of CBP’s systems were compromised in the attack.
As a result of the breach, CBP has removed from service all of the subcontractor’s equipment and is monitoring its work. It has also notified members of Congress and is investigating the breach along with law enforcement and cybersecurity agencies, as well as its Office of Professional Responsibility.
“CBP will unwaveringly work with all partners to determine the extent of the breach and the appropriate response,” it said.
The news has raised more concerns over CBP’s decision to expand its use of facial recognition system Biometric Exit at airports across the nation.
“This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers,” Neema Singh Guliani, American Civil Liberties Union senior legislative counsel, said in an emailed statement. “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”