window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-20840989-1');

WARNING

We've detected that you're using Internet Explorer which is an old, insecure browser and incompatible with many modern features.
Our Customer Portal is not available for Internet Explorer users and we recommend using Chrome, Firefox or other modern browsers for best user experience and full functionality.

Security fears over big data leak

The leak of millions of fingerprints and other personal data has posed serious questions about how secure current biometrics technology is.

CNC

A tool used by many organisations worldwide to provide secure access to buildings has been proved to be insecure.

Researchers working for the cyber-security firm VPNMentor discovered a massive leak of data on the Biostar 2 biometrics platform. They spotted it in early August but it could have been a problem for much longer. It took a week before the data was made private by Biostar’s maker Suprema.

Researchers were able to view masses of private data without any security authentication. As well as fingerprint records, they found facial recognition data, names, addresses, passwords and employment histories. In total, 23 gigabytes of data, containing nearly 30 million records, was unencrypted.

Many British companies were affected including Tile Mountain – a homeware retailer which received no warning that data at its Stoke-On-Trent headquarters may have been compromised. The company’s IT director said the exposure could have contravened the European Union’s General Data Protection Regulation (GDPR) leading to a severe financial penalty.

AEOS system

Fears about the risks surrounding Biostar 2 were compounded by recent news that Suprema will be integrating Biostar 2 into AEOS, a separate security system used across 83 countries by major organizations such as governments, banks and the police.

Gary Jowett, from Computer & Network Consultants in Brighton, said: “The use of biometric data has distinct advantages for ensuring robust security. However, there are clearly serious issues that need to be ironed out before it can be used with confidence. The good news for British companies is that UK legislators may soon bring in tighter laws to control how such data is gathered and stored.

“Such alarming news about Biostar 2 suggests that all organisations need to include contingency measures to mitigate against the consequences of any future breaches. Measures that include an established process for communicating effectively with customers, partners and the ICO . For example, it’s essential that the ICO views favourably your organisation’s efforts to contain the problem. Otherwise, the UK regulator could impose the maximum penalty which, under the terms of the GDPR, is a significant percentage of annual turnover. Such a penalty could, for many small and medium-sized companies, have fatal consequences.”

Newsletter Archives

By |2019-11-12T12:53:26+00:0012th November 2019|Tech News|Comments Off on Security fears over big data leak

About the Author:

We use cookies to ensure that we give you the best experience on our website. We also use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the CNC website. However, if you'd like to find out more please visit our Legal and Privacy policy page. Accept