Volunteers and police help organize a large group of asylum seekers outside a Greyhound Station after they were dropped off by Immigration and Customs Enforcement (ICE) officials earlier in downtown El Paso, Texas late on December 23, 2018.

Customs and Border Protection said Monday that photos of travelers and license plates collected at a single U.S. border point have been exposed in a malicious cyberattack in what a leading congressman called a "major privacy breach."

The federal agency did not name the subcontractor whose computer network was hacked, but the announcement followed news that a Tennessee-based company that bills itself as the sole provider of stationary license plate readers at U.S. borders had been compromised.

A Customs spokesman said initial reports indicated that the images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States at a single land-border port of entry over one and a half months.

Automated license-plate readers are used for "detecting, identifying, apprehending, and removing individuals illegally entering the United States at and between ports of entry or otherwise violating U.S. law," the Department of Homeland Security says in a December 2017 privacy document . Recorded license plates are checked in real time against DHS databases to which 13 federal agencies have access.

The U.K. computer security website The Register, which said the hacker responsible alerted it to the breach in late May, identified the company as Perceptics. A spokesman for the company did not immediately respond to an email from The Associated Press seeking comment.

CBP said none of the data had surfaced on the internet or Dark Web. The Register said the hacker provided it with a list of files exfiltrated from the Perceptics corporate network and said a company spokesperson had confirmed the hack.

"Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract," CBP said in a statement.

The agency said it learned of the data breach May 31. It said the subcontractor had transferred copies of the images to its company network in violation of government policies and without the agency's authorization.

No Customs networks or databases were breached, the agency spokesman said.