August 14, 2019 — Privacy researchers discovered a large bank of unprotected biometric, password and other personal data open on the internet. The data, which belong to the BioStar 2 identity and access control platform, serve as a reminder of the basic rule of cybersecurity: if highly-sensitive identity data isn’t adequately protected, then the system is worthless. From a consumer perspective, high-resolution fingerprints are a dangerous data set, regardless of how the original data was intended to be used says Robert Capps, Vice President at NuData Security.
“The fact that we don’t know whether the stolen fingerprint data is full resolution or templatized, it is unclear whether the stolen biometric data will have any meaningful impact. We do know that other consumer information was made available by the vendor, and this information has the possibility of being used to access consumer accounts, including financial services accounts.”