Clearview AI, the company whose database has amassed over 3 billion photos, has suffered a data breach, it has emerged. The data stolen in the hack included the firm’s entire customer list–which will include multiple law enforcement agencies–along with information such as the number of searches they had made and how many accounts they’d set up.
Clearview AI said the huge database of images was not part of the breach. The firm’s attorney, Tor Ekeland, said in statement to the Daily Beast that security “is Clearview’s top priority.”
“Unfortunately, data breaches are part of life in the 21st century,” Ekeland said. “Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
Clearview AI: Already a privacy concern
Clearview AI rose to fame last month, when the New York Times detailed how the company’s facial recognition program had scraped sources including Facebook and Twitter to build its massive database.
Used by law enforcement agencies including the FBI, Clearview AI is now coming under increasing scrutiny. A lawsuit was filed against the firm in Illinois, alleging that Clearview’s actions are a threat to civil liberties.
Although Clearview says it helps prevent crime, its technology is only accurate around 75% of the time–and even that claim cannot be proven. Adding to this, because facial recognition matching is all about probabilities, the sheer breadth of Clearview AI’s database makes it much harder to be accurate.
The Clearview AI data breach: Does it matter?
Some people will be relieved the breach was not Clearview’s facial recognition database but others, such as the firm’s customers, won’t be happy at all.
As Jake Moore, cybersecurity specialist at ESET says: “Data breaches might be part of life in the 21st century but we need to make sure the severity is kept to a minimum and the data exposed is heavily encrypted. Any data breach is serious and should not be taken lightly. If the data exposed had included faces, it would have taken this to the next level.”
He adds: “Companies which hold extremely sensitive data such as facial identities need to understand they are a higher profile risk and need even more layers of protection to thwart these inevitable attacks.”
Following the New York Times story and associated fallout, Clearview AI’s reputation was already tarnished. This breach, which some might see as a warning signal to all that store facial recognition data, could make things a lot worse.