Forbes reports that a security company lost almost 28 million records, including a large amount of biometric data: fingerprints and facial recognition data such as user photos. The records also included unencrypted usernames and passwords, facility access records, and people's security levels and authorizations!
That is why it is crazy to create a honeypot with such unrecoverable and sensitive information. Distributing biometric data across users' phones and making it securely accessible using the FIDO approach makes more sense for everyone, except in those few security situations where the individual's access is so valuable that it would endanger that person's life. Then you have a completely different problem to deal with:
"It has been coming for some time, but now the biggest breach of a biometric database has been reported: facial recognition records, fingerprints, registration data and personal information have been found in 'a publicly accessible database.' The damage is not clear, but the report states that the fingerprints and facial recognition records of millions of people have been exposed.
The problem with biometric data that is stored in this way is that, unlike usernames and passwords, it cannot be changed. Once it is compromised, it is compromised. And for that reason, this breach report will sound all kinds of alarms.
The report published by security researchers Noam Rotem and Ran Locar at vpnMentor relates to Suprema, a company that describes itself as a 'World power in biometrics, security and identity solutions', with a range of products that 'includes biometric access control systems, time and attendance solutions, live fingerprint scanners, mobile authentication solutions and integrated fingerprint modules.'
The news of the breach was first published on Wednesday in the Guardian newspaper in the United Kingdom, which highlighted the use of Suprema solutions by the 'Metropolitan Police, defense contractors and banks.' The breach, however, is international, with Suprema's BioStar 2 biometric identity SDK integrated into the AEOS access control system 'used by 5,700 organizations in 83 countries, including governments, banks and the police'."
Overview by Tim Slone, VP, Payment Innovation at Mercator Advisory Group