Government surveillance photos of international travelers and license plates were hacked as part of a “malicious cyber-attack” on a federal contractor, U.S. Customs and Border Protection said in a statement Monday.
None of the photos have ended up online, according to CBP, but the agency said in the statement that it’s working to figure out, “the extent of the breach and the appropriate response.”
The hack took place after the images were transferred to the network of a private subcontractor, which CBP said was a violation of department policy.
“No CBP systems were compromised,” the agency said in the statement.
The subcontractor broke multiple security and privacy protocols, according to CBP, which continues to investigate the incident. Federal officials said they learned of the violations and subsequent attack late last month.
The ACLU responded to the news calling on the federal government to end those type of data collection efforts.
“The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place,” ACLU Senior Legislative Counsel Neema Singh Guliani said in a statement on Monday.
Guliani warned against CBP expanding the use of facial recognition technology and said that Congress should investigate how the agency collects and uses personal data.
