US-based facial recognition company Clearview AI informed its customers that its complete list of clients — which includes over 600 law enforcement agencies — was stolen in a data breach, The Daily Beast reported. Clearview AI had earlier said that its facial data search engine is only available to law enforcement agencies and “select security professionals”. In a statement to The Daily Beast, Clearview AI said that “unfortunately, data breaches are part of life in the 21st century”.

In its notification to its clients, Clearview AI reportedly told its customers that an intruder “gained unauthorised access” to its list of customers, including the number of user accounts those customers had set up, and the number of searches they had done. The company told The Daily Beast that the vulnerability had been fixed, and that law enforcement search histories had not been revealed. The company also said that its servers have not been compromised and there was “no compromise of Clearview’s systems or network”. The notification did not describe the breach as a hack, The Daily Beast pointed out.

“Clearview’s entire business model relies on collecting incredibly sensitive and personal information, and this breach is yet another sign of the grave privacy risks it poses,” US Senator Edward Markey, tweeted in response.

Clearview AI scrapes facial images from the public internet

Clearview AI had first come under the scanner when New York Times reported in January that the service was built by collecting images from across the web, taking them from Facebook, Instagram, Twitter, news sites, and more. The service, which reportedly has more than three billion images, requires a user to input an image of a face, and then culls out all similar faces available in its database.

Following the NYT report, Twitter had sent a cease and desist letter to Clearview AI, asking it to stop scraping content from the platform, and delete existing photos it had stored, followed by Google, YouTube and Facebook.

Hoan Ton-That, Clearview AI’s CEO, in an interview with CNN Business in February said that the images are scraped only from “publicly available resources”. However, it doesn’t remove such images from the database, in case some photos are made private later on, as was found in a demonstration of the app in that very interview.

In an earlier interview with CBS, Ton-That had called his company a “search engine for faces”, and argued that Google can also pull information from different websites, and if resources are public and are available on Google, they can also be present on Clearview’s app. He further argued that it is Clearview AI’s First Amendment right to access public data.