John Parr: St Elmo's FireiTunesAmazon

John Parr: St Elmo's FireiTunesAmazon

Fingerprints and facial recognition data exposed in major breach

Fingerprints and facial recognition data exposed in major breach

Published at 12:28pm 14th August 2019. (Updated at 4:25pm 14th August 2019)

More than one million fingerprints and a host of usernames and passwords have been exposed on an unsecured database hosted by a security platform that lists the Metropolitan Police among its clients.

Researchers claim to have discovered the publicly accessible information on the web-based BioStar 2, which is owned and operated by South Korean company Suprema.

The firm describes itself as a "global powerhouse in biometrics, security and identity solutions" and sells its services to thousands of organisations around the world, including businesses, banks and Scotland Yard.

BioStar 2 is a security system that allows biometrics to be used to grant people access to buildings and other restricted areas.

It hosts an enormous amount of fingerprint and facial identification data - plus the usernames and passwords associated with them.

Internet privacy researchers Noam Rotem and Ran Locar, of vpnMentor, say they discovered that BioStar 2 had been breached on 5 August and that it was not resolved for eight days.

In a report published on the vpnMentor website, they said: "This is a huge leak that endangers both the businesses and organisations involved, as well as their employees.

"Our team was able to access over one million fingerprint records, as well as facial recognition information - combined with the personal details, usernames and passwords, the potential for criminal activity and fraud is massive."

The pair said Suprema had been "generally very uncooperative" since being made aware of the issue, which saw them able to access more than 27.8 million records totalling 23GB of data.

Among the information seen were entry and exit times, home addresses and emails.

But they said the potential for biometrics to be stolen was of greatest concern, adding: "Facial recognition and fingerprint information cannot be changed. Once they are stolen, it cannot be undone."

As well as fraud, they said victims could be at risk of blackmail, extortion and theft.

Security experts have described the scale of the leak as "disturbing".

Piers Wilson, of cyber security firm Huntsman Security, told Sky News: "The huge quantity of sensitive personal information, such as biometric data, that has potentially been exposed to cyber criminals as a result of poor cyber security practices by Suprema is disturbing to see.

"Such basic mistakes, including not encrypting data and making admin passwords easily accessible, are easy to avoid and there should have been steps taken to better protect systems.

"This breach is just another example of why cyber security must be taken more seriously in all businesses."

John Sheehy, director of strategic security services at research company IOActive, said: "The more secure an organisation itself is, the more attractive that organisation's supply chain becomes in the mind of the attacker - and you can't get any more secure than a government, bank or police force.

"An attacker wants to find the easiest pathway to get into the network so oftentimes, it's the supplier who has an exploitable vulnerability that can get them full access into the original target's network."

Sky News has contacted Suprema and the Metropolitan Police for comment.

Email Icon

Sign up for exclusive news, competitions and offers.
Proper Local News updates from Stray FM

Newer article

Satellite images show troop build-up on Hong Kong border

World: Satellite images have emerged that appear to back up claims China was massing troops on the border of Hong Kong.

Older article

Motorway officials blamed for Italian bridge collapse told to leave memorial service

World: Motorway executives attending a ceremony to remember victims of a major bridge collapse were told to leave after grieving relatives asked the Italian prime minister to intervene.

Top articles

Home Office stabbing: Man charged with GBH after civil servant injured

National: A man has been charged with grievous bodily harm (GBH) with intent after a civil servant in his 60s was stabbed outside the Home Office last week.

Iceland holds funeral for its first glacier lost to climate change

World: Iceland has said goodbye to its first glacier lost to climate change.

How to ensure your children have healthy feet

Lifestyle: Feet are at risk of deformity from a young age.

Paul Pogba's deeper role at Manchester United assessed

Sport: Paul Pogba plunged his Manchester United future into doubt at the end of last season when he claimed it may be a good time to take on a new challenge.

By the power of Netflix... New He-Man series announced

Showbiz: By the power of Netflix, He-Man is back - with a new series planned to pick up where the original 1980s show left off.

WATCH: 43 Minutes of Queen in the 70s

70s: The band's team have put together highlights of the their early career including some iconic performances.

Private Harrogate health service putting money back into NHS

Business: Harrogate Harlow is based at Harrogate District Hospital.

WATCH: First look at Disney's Mulan live action

Harrogate, Craven & Wharfedale: In the remake of the animated movie, Mulan will try to bring honour to her family.

"It's a fantastic place": Harrogate cancer centre celebrates major milestone

Harrogate, Craven & Wharfedale: The Sir Robert Ogden Macmillan Centre at Harrogate District Hospital is marking its five year anniversary.

Hairy, spiky, round and knobbly cucumbers at Harlow Carr

Harrogate, Craven & Wharfedale: The recent hot weather's produced some unusual looking items.

Local school success in green poem competition

Education: To celebrate Stray FM's Green Month.

Yorkshire countryside voted happiest

Harrogate, Craven & Wharfedale: Relaxing in the garden and being on holiday also rated highly.

Top Party Dresses for the Festive Season

Christmas: Local Blogger, the Harrogate Girl, picks the best frocks, gowns and outfits for the big Christmas parties of 2017.

Beth Parsons leaves Stray FM

Stray FM Station News: A childhood listener who's dream came true is off to pastures new.

Delve into deliciousness at Mother Shiptons Inn

Test pages: We sent Stray FM's James Stanley to try out the new menu at Mother Shipton's Inn Knaresborough.

Which roads are closed in Harrogate Town Centre?

Harrogate, Craven & Wharfedale: Following this morning's fire, here's an update on the travel situation

Giant pork pie to welcome Championship cyclists

Harrogate, Craven & Wharfedale: Preparations are underway with under 40 days to go until the UCIs.

North Yorkshire districts among best places to live in UK

Harrogate, Craven & Wharfedale: Three parts of North Yorkshire have been named in the top ten places to live in the UK.

Sky News LogoThis article © Sky News.

Poll

Is it too hot?
YES I AM MELTING
21.1%
Yes, I can't sleep
15.7%
I'd prefer it a bit cooler
21.3%
I'm not bothered
11.6%
No, it's just right
11.3%
Nope, keep going
15.2%
Hot? I've got a jumper on!!
3.8%

Trending in Yorkshire

Cyclist hit by car that failed to stop in Skipton

Police are appealing for information

7000 five year olds in Yorkshire not fully immunised against MMR

Parents of kids due to start primary school soon are being urged to ensure their routine immunisations are up to date.

Teenage cyclist injured in collision

Police are appealing for witnesses

Free workshops to help businesses get ready for UCIs

Opening Minds is running free courses for businesses and services about accessibility ahead of the championships.

Consultation period extended for Harrogate's Local Plan

You now have until the 20th September to have your say

More news...