The United States Customs and Border Patrol (CBP) admitted last week that personal information that it collected from travelers crossing the U.S. borders was exposed in a “malicious cyber-attack” against one of its vendors.

It is being reported that one of CBP’s subcontractors “illegally transferred” to its internal network almost 100,000 photographic images of travelers and license plates collected at the border over a six-week period, and that the network was then compromised by a cyber-attack.

It has been confirmed that no passport information or other government-issued travel documents were stolen and no biometric information was involved. Nonetheless, the CBP is reportedly monitoring the Dark Web and the Internet to see if the images appear for sale.