U.S. Customs and Border Protection (CPB) says license plate images and photos of travelers headed into and out of the country were stolen in a "malicious cyberattack" of an unnamed subcontractor at the end of May, the Washington Post reported.
In a statement, the agency said a subcontractor "had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network. The subcontractor's network was subsequently compromised by a malicious cyber-attack."
CPB added that it has notified Congress and is working with other law enforcement and cybersecurity entities to investigate the incident and determine its scope.
Fewer than 100,000 people are thought to be affected by the hack, a CPB spokesperson told CNN. The images stolen were of travelers passing through a “few specific lanes at a single land border” over the course of a month and a half. As of Monday, none of the images had been found on the internet or on the dark web.
Collecting sensitive biometric information
American Civil Liberties Union (ACLU) Senior Legislative Counsel Neema Singh Guliani pointed out that the CPB breach has come to light at a time when the agency is expanding its use of face recognition technology called Biometric Exit at departure gates in several U.S. airports.
"This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers,” said in a statement. “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices.”