Yesterday BBC News reported that Suprema, the security firm that offers Biostar 2, had leaked millions of fingerprints and other sensitive information. The news originally broke from the cybersecurity firm VPNMentor. The firm said they were able to gain access to data from the Biostar 2 tool.
Biostar 2 is an immensely popular service, used by companies across the globe. Even the UK Metropolitan Police use the software as a way to limit access to parts of their “secure facilities”.
VPNMentor found the leaked data on August 5th, and the data was not made private again until August 13th. It is unclear how long the data was viewable before it was found.
“As well as fingerprint records, the researchers say they found photographs of people, facial recognition data, names, addresses, passwords, employment history and records of when they had accessed secure areas.”
BBC News
Noam Rotem, one of the researchers who discovered the data, spoke to the BBC to explain the gravity of the situation. Rotem explained that “biometric information such as fingerprints could never be made private again once lost.”
The total number of organizations affected is still being tallied. As it stands, the only UK organization affected in the breach is Tile Mountain, a retailer that specializes in homeware. There is also a chance that the Metropolitan Police have been affected. They have already begun an inquiry to see whether they are among those whose data was leaked.
Globally there are 3 other organizations confirmed to have been affected:
- Power World Gyms, a gym franchise in India and Sri Lanka – 113,796 user records including fingerprints
- Global Village, an annual festival in the United Arab Emirates – 15,000 fingerprints
- Adecco Staffing, a Belgian human resources firm – 2,000 fingerprints
After avoiding calls from Rotem and his team, Suprema finally addressed the issue in a statement to The Guardian.
“If there has been any definite threat to our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets,”
What this means for the Digital You
Like the Digital You, your fingerprint is a unique identifier that separates you from the rest of the world. Also like the Digital You, if your fingerprint falls into the wrong hands it can compromise your very identity.
It is important to remember that when you provide your information to a company it could become collateral in a breach. Make sure you are keeping up with ScoresMatter to stay up-to-date on the latest news on breaches and the Digital You. In the meantime, you can sign up for ScoresMatter and scan to see if your information is for sale on the Dark Web.