Photos of travellers and their licence plates stolen in a data breach, U.S. Customs and Border Protection says

U.S. Customs and Border Protection admits that photos of travellers crossing the U.S. border were stolen in a “malicious cyberattack,” Washington Post writes.

The images showed faces and licence plates and were taken in an attack on a federal subcontractor. The photos span a time period of a month and a half, showing fewer than 100,000 people crossing the border through “a single land border entry port.” According to CBP officials, no passport or other travel document photos were compromised.

CBP does not share which subcontractor was attacked. It also claims that none of the images have resurfaced “on the Dark Web or Internet.” However, according to The Register’s report from last month, data stolen from the firm Perceptics was available on the dark web for free. The company is a federal subcontractor, and the CBP’s public statement was entitled “CBP Perceptics Public Statement.”

CBP refers to the breach internally as a “major incident,” an anonymous U.S. official said. They also said Perceptics was planning to use the data to “refine its algorithms to match license plates with the faces of a car’s occupants,” and the incident involved pictures of people crossing the Canadian border.

The agency claims copies of the images collected by CBP were transferred to the subcontractor’s company network, which is against CBP’s security and privacy rules.