Facial recognition company Clearview AI, which works with hundreds of law enforcement agencies, has stated that the firm’s entire client list has been stolen, including how many users each client has, and how many searches they have completed using the service.
The Daily Beast reports that facial recognition firm Clearview AI has revealed that an intruder “gained unauthorized access” to its customer list, the number of user accounts the customer had set up, and the number of searches that customers have conducted using the service. Hoan Ton-That, the founder and CEO of Clearview AI, made headlines recently after stating that he has a First Amendment right to scrape through billions of photos online to add to his company’s database of three billion pictures.
Clearview AI has developed a system that allows users to upload a photo of a person to the app and see public photos of that person, along with links to where those photos appeared. The system scrapes information from Facebook, YouTube, and millions of other websites.
Clearview AI’s facial surveillance systems have been licensed to over 600 law enforcement agencies from the FBI to the Department of Homeland Security and regular local police departments. The system operates with almost no oversight, is reportedly exempt from biometric data laws, and has been marketed widely to law enforcement agencies.
Clearview AI has revealed to its customers via a notification that the company’s servers were not breached during the “unauthorized access” and there was “no compromise of Clearview’s systems or network.” The firm claims to have fixed the vulnerability and claims that the intruder did not obtain any law-enforcement agencies’ actual search histories.
Tor Ekeland, an attorney for Clearview AI stated: “Security is Clearview’s top priority. Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
David Forscey, the managing director of the no-profit Aspen Cybersecurity Group, commented on the breach stating: “If you’re a law-enforcement agency, it’s a big deal, because you depend on Clearview as a service provider to have good security, and it seems like they don’t.”