A facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers.
In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was “no compromise of Clearview’s systems or network.” The company also said it fixed the vulnerability and that the intruder did not obtain any law-enforcement agencies’ search histories.
Tor Ekeland, an attorney for the company, said Clearview prioritizes security.
“Security is Clearview’s top priority,” he said in a statement provided to The Daily Beast. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
The firm drew national attention when The New York Times ran a front-page story about its work with law-enforcement agencies. The Times reported that the company scraped 3 billion images from the internet, including from Facebook, YouTube, and Venmo. That process violated Facebook’s terms of service, according to the paper.