Facial recognition firm's entire client list exposed in data breach

Feb. 26 (UPI) -- Clearview AI, a New York-based facial-recognition software company, said Wednesday that its entire database was exposed in a data breach.

The company sent a notification to its customers saying that an intruder gained unauthorized access to its list of customers, the number of user accounts those customers had set up and how many searches they conducted.

Clearview added that the company's servers were not breached and that there was no compromise of its systems or network.

The company said it fixed the vulnerability and the intruder didn't obtain search histories of law enforcement agencies that use the service.

Tor Ekeland, an attorney for Clearview, said that security is the company's top priority.

"Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw and continue to work to strengthen our security," Ekeland said.

Clearview's client base is mostly made up of law enforcement agencies including police departments in Toronto, Atlanta and Florida.

It has a database of 3 billion photos it collected from websites including YouTube, Facebook, Venmo and LinkedIn.

Sen. Ed Markey, D-Mass., who has previously said the company poses "chilling privacy risks" condemned the company's inability to prevent the breach.

"Clearview's statement that security is its 'top priority' would be laughable if the company's failure to safeguard its information wasn't so disturbing and threatening to the public's privacy," Markey said. "This is a company whose entire business model relies on collecting incredibly sensitive and personal information and this breach is yet another sign that the potential benefits of Clearview's technology do not outweigh the grave privacy risks it poses."