The US Customs and Border Protection (CBP) officials on Monday said that one of its subcontractors had been breached in a “malicious cyberattack,” exposing images of travelers coming in and out of the country.
About than 100,000 people had their information compromised by the attack, according to a law enforcement official.
The database, which comprised of photos of people’s faces and license plates, had been transferred to the subcontractor’s network without the federal agency’s authorization or knowledge, a CBP spokesperson told The Register.
However, the stolen photo data didn’t include any identifying information, and no passport or other travel document photos were compromised.
The breach first came to light on May 31.
Read also: NASA helicopter passes key Mars flight test
While the CBP didn’t take the name of the subcontractor, The Register had reported on May 24 that a hacker by the name “Boris Bullet-Dodger” pilfered data from Perceptics, a company that provides license plate reader technology for the US-Mexico border, and offered the dump as a free download on the dark web.
It’s not immediately clear if the two incidents are connected, although the CBP went on to confirm none of the image data has been identified on the Dark Web or internet.
News of the breach comes as facial recognition tech has been the subject of a growing debate among civil liberty groups and lawmakers, who have raised concerns related to false matches and arrests while balancing the need for public safety.