A cyber-attack compromised photos of travelers and license plates collected by U.S. Customs and Border Protection, the agency said Monday.
CBP said in a statement that a subcontractor’s network was “compromised by a malicious cyber-attack,” adding that it has “alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident.”
The agency said it discovered the breach May 31.
The Washington Post reported that an anonymous official said Perceptics, a data firm, was using the data to match faces with license plates — outside of CBP’s sanctioned use — and that an emailed document from CBP originally called its statement a “CBP Perceptics Public Statement." But a spokesperson for CBP told the Post she could not confirm if Perceptics was the source of the breach.
Perceptics did not immediately respond to a request for comment.
“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” the CBP said in its statement.
Rep. Bennie G. Thompson (D-Miss.) said in a statement Monday he planned to hold hearings on Homeland Security’s use of biometric data.