WASHINGTON - Photos of travelers and license plates heading in and out of entry points to the U.S. were compromised in a data breach, U.S. Customs and Border Protection announced Monday.
A CBP spokesperson issued a statement saying the agency learned of the breach on May 31, when a subcontractor transferred copies of license plate and traveler photos obtained by CBP to a subcontractor network.
The statement goes on to say that CBP did not authorize the transfer, nor did it have any knowledge of the practice because it is “in violation of CBP policies.”
“The subcontractor’s network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised,” the statement said.
So far, none of the image data has been found on the internet or Dark Web, according to CBP. It has also notified Congress and is working with law enforcement and cybersecurity agencies as well as its own Office of Professional Responsibility to investigate what happened.
The statement did not provide details on the contractor or how many people may be affected by the data breach.
“CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors do the same,” the agency spokesperson said.
Later Monday, CBP officials said that "fewer than 100,000" people were affected by the breach. The official also said that the photographs were of travelers in vehicles entering and exiting the U.S. through "a few specific lanes at a single land border Port of Entry over a 1.5 month period."
"No other identifying information was included with the images. No passport or other travel document photographs were compromised, and no images of airlines passengers from the air entry/exit process were involved," the updated statement said.
This story was reported from Los Angeles.