U.S. Customs and Border Protection has confirmed a data breach has involved the photos of passengers traveling in and out of the United States.
The photos were stolen from a subcontractor’s network through a “malicious cyberattack,” a CBP spokesperson told TechCrunch in an email. The agency first learned of the breach on May 31.
“CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” said a statement.
“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” the statement read.
When asked, a spokesperson for CBP didn’t say how many photos were taken in the breach or if U.S. citizens were affected. The agency also didn’t name the subcontractor involved.
CBP, which processes millions of travelers entering the U.S. every week, maintains a database of traveler images, including passport and visa photos.