Photos of U.S travelers and license plate images were stolen from an extensive photo database of travelers maintained by Customs and Border Protection (CBP), the agency confirmed.
The breach involved images of fewer than 100,000 people and were taken of travelers in vehicles entering and exiting the U.S. through a few specific lanes at a single port of entry over 1.5 months.
In a statement, a CBP spokesperson said it learned on May 21 that a "subcontractor ... had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack."
Additionally, the subcontractor had transferred the photos to its own network and was "in violation of CBP policies and without CBP’s authorization or knowledge."
"As of today, none of the image data has been identified on the Dark Web or internet," the agency said. "CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident."