The Customs and Border Protection said a cyber attack on a federal subcontractor compromised photos of travelers and license plates, The Washington Post reported Monday.
CBP said the data breach was discovered on May 31 and did not include travel document images and other identifying information. The compromised images are part of a facial recognition program CBP implements to determine the identity of individuals entering and exiting the country.
The agency said fewer than 100,000 people had their images stolen and none of those pictures had been spotted on the internet or dark web. CBP noted that no agency systems were impacted and that copies of people’s faces and license plate images were moved to the subcontractor’s network, breaching the agency’s privacy and security rules, according to the report.
