A Border Patrol database of traveler photos and license plate images was "compromised by a malicious cyber-attack."
A US Customs and Border Protection subcontractor suffered a data breach that exposed the photos of tens of thousands of travelers coming in and out of the United States, the agency revealed Monday, in what it described as a "malicious cyber-attack."
The database of identifying traveler photos and license plate images had been transferred to a CBP subcontractor's network without the federal agency's authorization or knowledge, CBP explained. The subcontractor's network was then hacked, though CBP said its own systems had not been compromised.
The compromised photos were taken of travelers in vehicles coming in and out of the US through specific lanes at a single Port of Entry over a one and a half months period. Less than 100,000 people had their information compromised by the attack, according to a law enforcement official.
No other identifying information was included with the photos and no passport or other travel document photos were compromised, the official said. Images of airline passengers from the air entry and exit process were also not involved.
The cyberattack comes amid the ongoing rollout of CBP's “biometric entry-exit system,” the government initiative to biometrically verify the identities of all travelers crossing US borders. As BuzzFeed News reported earlier this year, CBP is scrambling to implement the initiative with the goal of using facial recognition technology on “100 percent of all international passengers,” including American citizens, in the top 20 US airports by 2021. And it is doing so in the absence of proper vetting, regulatory safeguards, and what privacy advocates say is in defiance of the law, BuzzFeed News found.