28m records exposed in biometric data breach
Researchers associated with vpnMentor, which provides virtual private network reviews, reported a data breach involving nearly 28 million records in a BioStar 2 biometric security database.
“BioStar 2’s database was left open, unprotected and unencrypted”
“After we reached out to them, they were able to close the leak,” vpnMentor said.
BioStar 2 is Suprema’s Web-based, open, integrated security platform. The leak was discovered on Aug. 5 and vpnMentor reached out to Suprema on Aug. 7. The leak was closed Aug. 13.
The vpnMentor team gained access to biometric data of client admin panels, dashboards, back-end controls and permissions, which ultimately exposed 23 GB of records:
- Fingerprint data;
- Facial recognition information and images of users;
- Unencrypted usernames, passwords and user IDs;
- Records of entry and exit to secure areas;
- Employee records including start dates;
- Employee security levels and clearances;
- Personal details, including employee home addresses and emails;
- Businesses’ employee structures and hierarchies; and
- Mobile device and OS information.
The team was able to access information from a variety of businesses worldwide:
- United States-based organizations Union Member House, Lits Link and Phoenix Medical;
- UK-based Associated Polymer Resources, Tile Mountain and Farla Medical;
- Finland’s Euro Park;
- Japan’s Inspired.Lab;
- Belgium’s Adecco Staffing; and
- Germany’s Identbase.de.