U.S. Customs and Border Protection said Monday that photos of travelers and license plates the agency has collected have been compromised after one of its subcontractors was hacked.

The federal law enforcement agency said in a statement that an unnamed subcontractor had transferred copies of images the government collected to its own company network and then was hit by a malicious cyber-attack. CBP, which learned of the breach late last month, said its systems were not affected.

The agency did not reveal how many peoples data was affected by the breach, or if they were U.S. citizens or travelers from other countries.

HuffPost reached out to CBP for further details but did not immediately receive a response.

The images taken may have been among those collected by a government facial recognition program to track people coming into and leaving the U.S, BuzzFeed News reported.

This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, American Civil Liberties Union attorney Neema Singh Guliani said in a statement. This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agencys data practices.

The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place, Singh Guliani added.