Posted On 24 Sep 2019
A massive exposure of unsecured biometric information and other personal details has been found by security experts, as reported in The Guardian. Suprema’s Biostar security platform exposed facial recognition data, fingerprints, and unencrypted usernames and passwords, totaling 27.8 million records, in a database that could be accessed by the public. It is not yet known if anyone with bad intentions obtained the data while it was available.
The Biostar system is a biometric application used for security in commercial facilities all around the world, including the USA, the UK, and Japan. The leaked information included passwords and usernames, meaning that in theory any hacker could have gained access to any building using the system.
Furthermore, the leaked information could be used for fraudulent activities against anyone whose data was included in the leak. Theoretically, once a hacker has unencrypted fingerprint information, they can use it to access other biometric systems the user is enrolled in, and fingerprint information can’t be changed in the same way as a hacked password.
Worryingly, in the light of this data loss, Suprema announced not long ago that the Biostar 2 platform would become part of AEOS, a security system used in 83 countries worldwide by government agencies, police forces, and banks, amongst others.
Suprema has acknowledged awareness of the alleged data loss and says it is investigating, but the researchers who originally discovered it claim that the company was slow to react and would not cooperate initially. Businesses using the platform are advised to change their passwords and to advise all their employees to do the same.