U.S. Customs and Border Protection said Monday that photos of travelers and license plates the agency has collected have been “compromised” after one of its subcontractors was hacked.
The federal law enforcement agency said in a statement that an unnamed subcontractor had transferred copies of images the government collected to its own company network and then was hit by “a malicious cyber-attack.” CBP, which learned of the breach late last month, said its systems were not affected.
The agency did not reveal how many people’s data was affected by the breach, or if they were U.S. citizens or travelers from other countries.
HuffPost reached out to CBP for further details but did not immediately receive a response.
The images taken may have been among those collected by a government facial recognition program to track people coming into and leaving the U.S, BuzzFeed News reported.
“This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers,” American Civil Liberties Union attorney Neema Singh Guliani said in a statement. “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices.”
“The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place,” Singh Guliani added.
While CBP said so far it hadn’t found any of the images or associated data online, last month British news outlet The Register reported that Perceptics ― a provider of license plate readers to the U.S. government for its border crossings ― was hacked and data was posted on the internet.
CBP did not respond to HuffPost’s question on whether the two breaches were related. But The Washington Post said a document sent to its reporters with CBP’s statement was titled “CBP Perceptics Public Statement.”
In the last few weeks, Congress has held two hearings on the use, and dangers, of facial recognition technology for surveillance by companies and government. In the first hearing, Rep. Alexandria Ocasio-Cortez (D-N.Y.) asked how the technology can “exacerbate” racial bias in the criminal justice system.
In a second hearing specifically on government uses of facial recognition tech, House Oversight Committee chairman Elijah Cummings (D-Md.) said such technology was “evolving extremely rapidly without any real guardrails.”
“Whether we are talking about commercial use or government use, there are real concerns about the risks that this technology poses to our civil rights and liberties and our right to privacy,” Cumming said, noting the Transportation Security Administration had launched pilot facial recognition programs in U.S. airports.
Rep. Rashida Tlaib (D-Mich.) said at the hearing: “This stuff freaks me out. I’m a little freaked out by facial recognition.”
“You should be freaked out, too,” the congresswoman followed up in a tweet. “The inaccuracy and threat to our privacy is real.”