Fiber optic cables feed into a switch inside a communications room at an office in London, U.K., on Monday, May 21, 2018. The Department of Culture, Media and Sport will work with the Home Office to publish a white paper later this year setting out legislation, according to a statement, which will also seek to force tech giants to reveal how they target abusive and illegal online material posted by users. Photographer: Jason Alden/Bloomberg via Getty Images
Bloomberg/Bloomberg/Bloomberg via Getty Images
Fiber optic cables feed into a switch inside a communications room at an office in London, U.K., on Monday, May 21, 2018. The Department of Culture, Media and Sport will work with the Home Office to publish a white paper later this year setting out legislation, according to a statement, which will also seek to force tech giants to reveal how they target abusive and illegal online material posted by users. Photographer: Jason Alden/Bloomberg via Getty Images
Now playing
02:18
How to protect yourself from hackers
AirTag
Apple
AirTag
Now playing
01:17
See AirTag, Apple's new device for tracking your lost stuff
ABC/Fremantle North America/19 Entertainment
Now playing
01:27
Katy Perry consoles 'Idol' contestant after he flubs lyric
NASA/JPL
Now playing
01:29
Watch the Ingenuity helicopter's first flight on Mars
Marvel Entertainment
Now playing
01:13
Marvel introduces first Asian superhero in new trailer
Consumer Product Safety Commission
Now playing
01:08
Video shows child getting caught under Peloton treadmill
CNN
Now playing
02:56
Watch Anderson Cooper belly laugh with Cheri Oteri
Brooke Baldwin last show goodbye CNN newsroom vpx_00000217.png
CNN
Brooke Baldwin last show goodbye CNN newsroom vpx_00000217.png
Now playing
03:56
'Get a little uncomfortable': See Brooke Baldwin's last words on air
US Navy
Now playing
01:28
Pentagon confirms UFO video is real, taken by Navy pilot
Now playing
01:24
How Kyra Sedgwick got the cops called on Tom Cruise
Fancy Feast/Purina
Now playing
01:06
Cat food company makes a cookbook ... for humans
Google Earth's new timelapse feature
Google
Google Earth's new timelapse feature
Now playing
01:09
Google Earth's new Timelapse feature shows 40 years of climate change in just seconds
Twitter | @brady9dream
Now playing
02:10
Pet owners pitch their pups to be dog brew's 'Chief Tasting Officer'
FOX/"The Masked Singer"
Now playing
01:23
'The Masked Singer' reveals identity of The Orca
LONDON, ENGLAND - DECEMBER 07:  A visual representation of the digital Cryptocurrency, Bitcoin on December 07, 2017 in London, England. Cryptocurrencies including Bitcoin, Ethereum, and Lightcoin have seen unprecedented growth in 2017, despite remaining extremely volatile. While digital currencies across the board have divided opinion between financial institutions, and now have a market cap of around 175 Billion USD, the crypto sector coninues to grow, as it continues to see wider mainstreem adoption. The price of one Bitcoin passed 15,000 USD across many exchanges today taking it higher than previous all time highs.  (Photo by Dan Kitwood/Getty Images)
Dan Kitwood/Getty Images
LONDON, ENGLAND - DECEMBER 07: A visual representation of the digital Cryptocurrency, Bitcoin on December 07, 2017 in London, England. Cryptocurrencies including Bitcoin, Ethereum, and Lightcoin have seen unprecedented growth in 2017, despite remaining extremely volatile. While digital currencies across the board have divided opinion between financial institutions, and now have a market cap of around 175 Billion USD, the crypto sector coninues to grow, as it continues to see wider mainstreem adoption. The price of one Bitcoin passed 15,000 USD across many exchanges today taking it higher than previous all time highs. (Photo by Dan Kitwood/Getty Images)
Now playing
03:10
Bitcoin has an energy problem
The new all-electric Mercedes-EQS
Mercedes-Benz AG
The new all-electric Mercedes-EQS
Now playing
01:05
See the new all-electric EQS luxury sedan from Mercedes
(CNN) —  

At least 50,000 American license plate numbers have been made available on the dark web after a company hired by Customs and Border Protection was at the center of a major data breach, according to CNN analysis of the hacked data. What’s more, the company was never authorized to keep the information, the agency told CNN.

“CBP does not authorize contractors to hold license plate data on non-CBP systems,” an agency spokesperson told CNN.

The admission raises questions about who’s responsible when the US government hires contractors to surveil citizens, but then those contractors mishandle the data.

“[CBP] keeps seeking to amass more information in a way that is concerning from a privacy and civil liberties standpoint, but also from a security standpoint, given that they’ve not demonstrated they can safeguard that information,” Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union, told CNN.

CBP collects license plate information to track which vehicles cross the border.

A CNN analysis of data hacked from CBP subcontractor Perceptics, which is now available on the dark web, shows records of what appear to be at least 50,000 unique American license plate numbers. That figure had not previously been made public.

In specific instances, CBP contractors are authorized to access Americans’ license plate images to adjust their systems, like when a state issues a new license plate design and the system needs to calibrate it. But those periods are brief. “This data does have to be deleted,” the CBP spokesperson said, though the agency didn’t clarify the specifics of the policy that would apply to Perceptics.

In many cases, it’s not clear whether the license plate numbers were collected for CBP or for one of Perceptics’ other government or law enforcement contracts. Some portion, however, was for CBP, the spokesperson said. Perceptics didn’t respond to multiple requests for comment.

In a statement when the breach was announced last week, CBP said it learned on May 31 that a subcontractor “had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack.”

Last week, CBP said in a statement that “none of the image data has been identified on the Dark Web or internet,” though CNN was able to still find it.

In addition to the license plate data, last week a CBP spokesperson said that photos of some travelers – fewer than 100,000 – had also been compromised.

CNN first obtained the information on the license plates records from the online archivist group Distributed Denial of Secrets, which has published some emails and contracts leaked from the Perceptics hack. They plan to publish far more, including a library of emails that will eventually be searchable, DDoS co-founder Emma Best told CNN.

CNN analyzed a list of hacked folder files and isolated entries that appeared to be images, resulting in nearly 300,000 apparent images of license plate numbers, then omitted duplicates and plates that appeared to be missing a state or plate number, or were from a country other than the US.