U.S. Customs and Border Protection has confirmed to The Washington Post a data breach has exposed photos of travelers and vehicle information of those entering or exiting the country. The information was accessed through a subcontractor in what was called a "malicious cyber attack."

"CBP learned a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” said an agency statement. “Initial information indicates the subcontractor violated mandatory security and privacy protocols outlined in their contract."
The agency first learned of the breach on May 31 and said as of Monday none of the information obtained had been identified on the dark web, but promised to work with appropriate authorities to investigate the incident.

"CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility, to actively investigate the incident," the agency said in a statement to The Hill.

The breach comes after widespread concerns surrounding the Department of Homeland Security's usage of facial recognition software. The department expressed their hopes for the software to replace traditional travel documents for 97 percent of domestic travel by 2023, according to a report released by the department.

Another blemish on the record of the software came last September when a report — released by the Department of Homeland Security's Office of the Inspector General — announced the program had numerous challenges that needed to be handled before a wide rollout.

"During the pilot, CBP encountered various technical and operational challenges that limited biometric confirmation to only 85 percent of all passengers processed,” the report said. “These challenges included poor network availability, a lack of dedicated staff, and compressed boarding times due to flight delays.”