The leak of millions of fingerprints and other personal data has posed serious questions about how secure current biometrics technology is.
A tool used by many organisations worldwide to provide secure access to buildings has been proved to be insecure.
Researchers working for the cyber-security firm VPNMentor discovered a massive leak of data on the Biostar 2 biometrics platform. They spotted it in early August but it could have been a problem for much longer. It took a week before the data was made private by Biostar’s maker Suprema.
Researchers were able to view masses of private data without any security authentication. As well as fingerprint records, they found facial recognition data, names, addresses, passwords and employment histories. In total, 23 gigabytes of data, containing nearly 30 million records, was unencrypted.
Many British companies were affected, including Tile Mountain, a homeware retailer which received no warning that data at its Stoke-on-Trent headquarters may have been compromised. The company’s IT director said the exposure could have contravened the European Union’s General Data Protection Regulation (GDPR), leading to a severe financial penalty.
Fears about the risks surrounding Biostar 2 were compounded by recent news that Suprema will be integrating Biostar 2 into AEOS, a separate security system used across 83 countries by major organizations such as governments, banks and the police.
Gary Jowett, from Computer & Network Consultants in Brighton, said: “The use of biometric data has distinct advantages for ensuring robust security. However, there are clearly serious issues that need to be ironed out before it can be used with confidence. The good news for British companies is that UK legislators may soon bring in tighter laws to control how such data is gathered and stored.
“Such alarming news about Biostar 2 suggests that all organisations need to include contingency measures to mitigate against the consequences of any future breaches. Measures that include an established process for communicating effectively with customers, partners and the ICO. For example, it’s essential that the ICO views favourably your organisation’s efforts to contain the problem. Otherwise, the UK regulator could impose the maximum penalty which, under the terms of the GDPR, is a significant percentage of annual turnover. Such a penalty could, for many small and medium-sized companies, have fatal consequences.”