War of words erupts over biometric data leak

A company that holds biometric data – such as fingerprints – has launched a staunch defence after researchers claimed to have found a million user records online.

Researchers working with VPNMentor claim to have been able to access biometric data from Suprema’s Biostar 2 program in early August. They reported accessing personal records online via companies that use Suprema’s system, having their pick of over a million.

The claims generated a great deal of interest, as they signalled the first major leak of ‘human’ data such as fingerprint scans, as opposed to names, addresses and banking details, for example.

Suprema has now issued a strongly worded rebuttal, claiming the breach was nowhere near as serious as first thought and as some have reported. After closing the loophole which caused the breach, and launching an investigation to discover what happened, Suprema claims to have found the number of leaked accounts was “significantly less” than originally reported.

In a statement, the South Korean firm claimed that researchers only had access to biometric data “for a limited period of time”. It added that no data was downloaded and nobody else accessed the data thereafter – meaning “the scope of potentially affected users is significantly less than recent public speculation.”

The research team, however, stood by their initial report. In their work, the team identified a huge cache of data, from which they took hundreds of data samples, then used Suprema’s own software to turn the raw information into visible fingerprint patterns.

That said, the team didn’t download any of this data, citing ethical reasons. This appears to be the cause of the dispute, with the researchers unable to provide hard evidence of having access to millions of records, as the leaked data was never stored.

Either way, it shows once again the importance of keeping customer data secure – especially in a world where much more personal information is being stored. With GDPR fines now being handed out to companies that do not meet the expectations put upon them, businesses simply cannot afford to let any standards slip.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

War of words erupts over biometric data leak

Categories

Horsham Office: 01293 871971 | London Office: 0203 763 3919 | IT Support: 01293 876000