Biometric firm Clearview AI has suffered a data breach that left customer data in the hands of unspecified hackers, who had exploited a security vulnerability to obtain the data.
Clearview sent a notification to customers that it had been breached, detailing the incident. According to this notification, hackers had gained access to the company's entire client list and were able to obtain data showing the number of user accounts operated by each client and the number of searches through Clearview's database. The company claimed that the hackers hadn't been able to access client search history.
In a statement sent to The Daily Beast, an attorney for the company claimed security was Clearview's top priority. "Security is Clearview's top priority," says the attorney. "Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security."
The hack has drawn criticism from cybersecurity experts, who are concerned that Clearview may not be taking security as seriously as it should. Speaking to The Daily Beast, David Forscey, Director of the Aspen Cyber Security Group, stated: "If you're a law-enforcement agency, it's a big deal, because you depend on Clearview as a service provider to have good security, and it seems like they don't."
In a statement sent to Infosecurity Magazine, security strategist Tim Mackey of the Synopsys Cybersecurity Research Center voiced his concerns that hackers may view Clearview as a priority target. "I would encourage Clearview AI to provide a detailed report covering the timeline and nature of the attack," says Mackey. "While it may well be that the attack method is patched, it also is equally likely that the attack pattern is not unique and can point to a class of attack others should be protecting against." Mackey then encouraged Clearview to use the incident to spur development of its security, as the firm stood to become a leader in cybersecurity in the wake of the incident if it capitalized on it properly.
Clearview is no stranger to criticism for its practices. The company's database of some 3 billion pictures was harvested from popular social media platforms such as Facebook and Instagram. The company's practices violated the terms of service of many of these sites, prompting Facebook (NASDAQ: FB), Twitter (NYSE: TWTR), and Google (NASDAQ: GOOGL) to send cease-and-desist letters. The State of New Jersey enacted a statewide ban on law enforcement agencies using Clearview while it investigated the software.