A company with a huge database of facial images informed its law enforcement customers this week that it suffered a data breach.

New York-based Clearview AI scrapes the Web for publicly available images of people’s faces to compile a database of billions of images, then sells access to law enforcement agencies. It disclosed Wednesday to its law enforcement customers that an “intruder gained unauthorized access” to its customer list. The intruder also obtained user accounts and number of searches, according to a story in The Daily Beast.

Clearview says the breach did not compromise its database of billions of facial images.

“Security is Clearview’s top priority,” Clearview’s attorney, Tor Ekeland, said in a statement provided to The Daily Beast. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”

On its Website, Clearview brags that its database has “helped law enforcement track down hundreds of at-large criminals,” helped solve “some of the toughest cold cases,” and has also been used to “exonerate the innocent and identify the victims of crimes.”

Critics have called the company’s business model of selling searches for peoples’ facial images to law enforcement an invasion of privacy and noted the recent data breach has amplified their concerns.

“Clearview’s statement that security is its ‘top priority’ would be laughable if the company’s failure to safeguard its information wasn’t so disturbing and threatening to the public’s privacy,” said Senator Ed Markey (D-Mass.), in a statement issued Wednesday. “This is a company whose entire business model relies on collecting incredibly sensitive and personal information, and this breach is yet another sign that the potential benefits of Clearview’s technology do not outweigh the grave privacy risks it poses.”

Sen. Ron Wyden (D-Ore.) was also critical of Clearview.

“Shrugging and saying data breaches happen is cold comfort for Americans who could have their information spilled out to hackers without their consent or knowledge,” Wyden said in a statement posted to Twitter. “Companies that scoop up and market vast troves of information, including facial recognition products, should be held accountable if they don’t keep that information safe.”

A New York Times story in January said Clearview has “hundreds” of law enforcement customers, from local and county police departments to federal agencies like the FBI and the Department of Homeland Security.

The company says its searches and resulting database are protected by the First Amendment. Social media companies like Facebook and Twitter have alleged that such searches violate their terms of use.

Aaron Nicodemus covers regulatory policy and compliance trends for Compliance Week. He previously worked as a reporter for Bloomberg Law and as business editor at the Telegram & Gazette in Worcester, Mass.

Topics