Data Breach has Exposed Millions of Fingerprint and Facial Recognition Records

Arthur T Knackerbracket has found the following story:

It has been coming for some time, but now the major breach of a biometric database has actually been reported-facial recognition records, fingerprints, log data and personal information has all been found on "a publicly accessible database." The damage is not yet clear, but the report claims that actual fingerprints and facial recognition records for millions of people have been exposed.

The issue with biometric data being stored in this way is that, unlike usernames and passwords, it cannot be changed. Once it's compromised, it's compromised. And for that reason this breach report will sound all kinds of alarms.

The report published by security researches Noam Rotem and Ran Loca at Vpnmentor relates to Suprema, a company describing itself as a "global Powerhouse in biometrics, security and identity solutions," with a product range that "includes biometric access control systems, time and attendance solutions, fingerprint live scanners, mobile authentication solutions and embedded fingerprint modules."

The news of the breach was first published by Wednesday's Guardian newspaper in the U.K., which highlighted the use of Suprema solutions by the "Metropolitan Police, defence contractors and banks." The breach, though, is international, with Suprema's Biostar 2 biometric identity SDK integrated into the AEOS access control system "used by 5,700 organisations in 83 countries, including governments, banks and the police."

Read more of this story at SoylentNews.