According to researchers, more than a million fingerprints as well as other sensitive data have been leaked online by a biometric security firm.
Researchers that are currently working with VPNMentor, a cyber-security firm, said that they managed to access plenty of data from a security tool known as Biostar 2.
Suprema, which is the firm that offers Biostar 2, has stated that they are working on fixing the issue.
Biostar 2 is used by thousands of companies worldwide, most notably the United Kingdom’s Metropolitan Police, using this tool to control the access to specific parts of secure facilities.
Suprema stated that “If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets.”
VPNMentor said that the exposed data which was discovered on 5 August, was privatised on 13 August, yet it is not clear for how long it was accessible before it was actually discovered.
The researchers also claim that apart from fingerprint records, they were also able to find photographs of people, along with facial recognition data, names, addresses, passwords and also employment histories.
Suprema added that it was aware of the breach and “is investigating the allegations in the press reports and will liaise with any appropriate third parties and/or individuals as necessary.”
The company also said “At this stage, it cannot make any further comment but will, if appropriate, issue a further press statement in due course, including corrections of any erroneous assertions in the reports to date.”
In total, 23 gigabytes of data, which had almost 30 million records were discovered exposed online, available for hackers to access them.
VPNMentor wrote in a blog about the discovery of the data that “This could be used in a wide range of criminal activities that would be disastrous for both the businesses and organisations affected, as well as their employees or clients.”