Biometrics firm 'leaks sensitive data' from millions of people

Published on: 21 Aug 2019

Research has discovered that the sensitive biometric data of millions of people was publicly available online due to an alleged security breach by a security company.

Suprema operates the Biostar 2 biometric lock system, which stores information used to identify people trying to get into buildings.

It also runs the AEOS system, a product used by organisations including banks, governments and the UK's Metropolitan Police.

A search this month by review provider vpnMentor found that the databases were unprotected and mostly unencrypted. This meant researchers were able to access 27.8 million records, including fingerprints, facial recognition photos and passwords.

They said they could even have edited users' accounts and swapped the fingerprints there for their own, so poor were the security barriers.

Suprema spokesperson Andy Ahn told the Guardian the company will be investigating and informing customers if there is a threat.

The UK Information Commissioner's Office has also said it is aware of the alleged incident and will be making enquiries.