Major hacks of facial-recognition data have long seemed like an inevitability, but that does not make the recent breach of a U.S. Customs and Border Protection subcontractor any less frustrating.

Customs recently revealed that tens of thousands of travelers’ faces may have been compromised after a “malicious cyberattack” targeted an unidentified contractor — though the company Perceptics seems to have been implicated thanks to Custom’s public statement, which was headlined “CBP Perceptics Public Statement.”

These guardians of security and secrecy estimate that fewer than 100,000 people had their photos taken in the data breach.

Concerns about the use of facial-recognition technology and the storage of the resulting data have been growing in recent years. (…)

San Francisco recently banned city agencies from using the technology and, in Congress, a bill has been introduced by Sens. Roy Blunt (R., Mo.) and Brian Schatz (D., Hawaii) that “would strengthen consumer protections by prohibiting commercial users of facial-recognition technology from collecting and resharing data for identifying or tracking consumers without their consent.”

But the government must begin serious discussions about how to regulate its own use of facial-recognition technology and how to provide meaningful oversight that will limit abuses and system breakdowns.

Without such safeguards in place, more problems are sure to arise and more innocent people will have to pay the price for governmental incompetence and failure.

That is unacceptable.

— The Toledo Blade