The data breach underlines the need for tighter controls over what the US government can do with our data.

The news: US Customs and Border Protection (CBP) has disclosed that hackers breached a subcontractor’s systems and stole photographs the agency had taken of travelers and vehicle license plates at border crossings. As many as 100,000 people may have had their information compromised in the attack, the New York Times reported, citing an unnamed government official.

CBP’s revelation comes a week after Perceptics, a company that makes license plate readers used by the US government, was reportedly hacked. It’s not yet clear if there is any connection between the two incidents.

The irony: CBP is part of the Department of Homeland Security (DHS), which is charged with boosting cybersecurity in the US. The incident makes clear, however, that the DHS needs to take a harder look in its own backyard. CBP says the subcontractor breached security and privacy protocols by transferring images to its own network without the agency’s approval.

The response: CBP, which first learned of the data breach on May 31, says it has taken the equipment involved out of service and that none of the stolen images have so far appeared online. Some politicians have already called on the government to review its systems for protecting people’s sensitive data. 

The bigger risk: Privacy activists are already concerned about how the US is embracing face recognition technology at airports and other border areas. The CBP breach will increase pressure on the US government to create clearer guidelines for collecting sensitive personal information—and for ensuring it doesn’t end up in hackers’ hands.

Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.