The U.S. Customs and Border Protection service says images of travellers _ which it presumably collected at points of entry _ have been exposed in a malicious cyberattack.
The federal agency said Monday that license plate images were also exposed in an attack that compromised a subcontractor's computer network.
It did not specify how many images may have been copied and said none of the data has been identified on the internet or Dark Web.
CBP did not name the contractor. It said it learned of the data breach on May 31 and that the subcontractor had transferred copies of the images to its company network in violation of government policies and without the agency's authorization.
CBP said it has alerted members of Congress.