US. Customs and border guards said Monday that photos of travelers had been compromised as part of a "malicious cyberattack," and expressed concerns over how US federal officials 'increased surveillance efforts could endanger Americans' privacy.
Customs officials said in a statement Monday that the pictures containing photos of license plates had been compromised as part of an attack on a federal subcontractor.
The agency maintains a database of passport and visa photos that are used at airports as part of a facial treatment of the agency's recognition program. CBP declined to say which pictures were stolen or how many people were affected.
However, CBP uses large numbers of cameras and video recordings in arrivals halls of international airports as well as land border crossings where license plates are also registered.
A CBP statement states that none of the image data was identified "on the dark web or on the Internet" The Registers, a UK technology news site, reported late last month that a large amount of data breached by Perceptics was offered as a free download on the Dark Internet. However, a Microsoft Word CBP public statement document sent to Washington Post reporters on Monday contained the name "Perceptics" in the title: "CBP Perceptics Public Statement".
Perceptics representatives did not immediately respond to requests for comments.
] CBP spokeswoman Jackie Wren said she "can not confirm" whether Perceptics was the source of the violation or how many photos and biometric data could have been stolen from people.
It is unclear whether passport or face recognition photos were included in the security breach.
Perceptics and other companies offer automated license plate readers that federal officials can use to track a vehicle or its owner when driving on public roads.
Immigration officials have used such databases to track down people who may be illegally present in the country. The data was also used by police to search for potential criminal suspects.
The infringement raised rights and privacy officials who said this was a sign that the government's growing image identification database had made this a seductive target for hackers and cybercriminals.
"This gap is coming as CBP seeks to expand its massive facial recognition device and travelers' collection of sensitive information, including license plate information and social media identifiers," said Neema Singh Guliani, senior legal advisor to the American Civil Liberties Union. "This incident further underscores the need to curb these efforts and urge Congress to investigate the agency's data practices – the best way to avoid violations of sensitive personal information is not to collect and keep it."
Nick Miroff contributed to this report.