Millions of fingerprints leaked in latest high-profile data breach

Data, Cyber Security, Millions of fingerprints leaked in latest high-profile data breach

A “huge data breach” in security platform BioStar 2 has been uncovered, revealing the personal information of millions

Researchers at vpnMentor, a blog covering web privacy, recently discovered the data breach, which compromised the private information of millions of people. 

Headed by “ethical hackers” Noam Rotem and Ran Locar, the team discovered that “huge parts of BioStar 2’s database are unprotected and mostly unencrypted.”

Over one million fingerprint records and facial recognition biometrics were among the leaked data. Perhaps even more worrying is that these records were tied to personal details, usernames and passwords. 

Suprema, the company responsible for the biometric data platform BioStar 2, is one of the world’s top 50 security manufacturers. 

vpnMentor was able to access almost 30 million records. These records included fingerprint data, unencrypted usernames and passwords, employee home addresses and personal emails, employee security access clearances, facial recognition information and even images of users.

The BioStar 2 platform is in use worldwide, with over 1.5 million installations. vpnMentor state that the total number of people affected by the breach could be in “the tens of millions.”

The leak raises numerous concerns for the potential of fraud and identity theft, through phishing and direct targeting. Employees could be the targets of blackmail and extortion based on their security clearances, with their personal information used as leverage. 

This is the latest in a string of high-profile data breaches. Just last month, American credit card provider Capital One fell victim to a breach. The hacker was able to access the social security numbers and personal information of 100 million Americans. 

Two days after discovering the BioStar 2 breach, the researchers who uncovered the hack decided to contact the company’s offices by phone but were largely unsuccessful. Some agents simply hung up on them.

In the blogpost, vpnMentor stated that, upon approaching Biostar 2 to make them aware of the breach, they found them “generally very uncooperative,” adding that their team made “numerous attempts to contact the company over email, to no avail.”

It was only 5 days later that the company responsible took action and closed the breach.

Data, Cyber Security, Millions of fingerprints leaked in latest high-profile data breach

Ben Ashman

Ben is a multimedia journalist with a keen passion for technology, literature and art. When he isn't writing you can find him wandering around London's museums and galleries.

The vital role business plays in the business intelligence equation

Phillip Smith • 03rd December 2021

As organizations continue turning their attention to technology advancements, to maintain some form of ‘business as usual’, there has never been a greater need for companies to truly understand the data they hold, and how to interpret it. Phillip Smith, the chief architect at workplace data analytics firm Tiger, explains more.

2,500 years of threat intelligence and its value continues to...

Anthony Perridge • 01st December 2021

Anthony Perridge, VP International at ThreatQuotient discusses how threat intelligence has evolved to form an essential aspect of modern-day cybersecurity. By harking back to the practices of our ancestors, today’s threat hunters can take inspiration about evaluating threat data to maximize the best possible decisions.

The gaming industry’s latest challenge: DDoS protection

Babur Khan • 30th November 2021

As the industry faces a rise in DDoS threats, it is time that gaming companies truly prioritise cybersecurity and business resiliency. In his latest article, Babur Khan,Technical Marketing Engineer at A10 Networks, lays out a framework for the industry to do just this, securing their customers and their own success against the tide of cyberattacks.

The Best Ten Rated Cloud Security Management Options For Business

Erin Laurenson • 24th November 2021

Cloud Security programs that can carry out safety procedures and address or flag potential high-risk elements are now critical, allowing businesses to function normally without fearing a potential breach. To help you find the best Cloud management and security system for your business, we’ve done the research and found the top systems presently available on...