28m records exposed in biometric data breach

Researchers associated with vpnMentor, which provides virtual private network reviews, reported a data breach involving nearly 28 million records in a BioStar 2 biometric security database.

“BioStar 2’s database was left open, unprotected and unencrypted”

“After we reached out to them, they were able to close the leak,” vpnMentor said.

BioStar 2 is Suprema’s Web-based, open, integrated security platform. The leak was discovered on Aug. 5 and vpnMentor reached out to Suprema on Aug. 7. The leak was closed Aug. 13.

The vpnMentor team gained access to biometric data of client admin panels, dashboards, back-end controls and permissions, which ultimately exposed 23 GB of records:

  • Fingerprint data;
  • Facial recognition information and images of users;
  • Unencrypted usernames, passwords and user IDs;
  • Records of entry and exit to secure areas;
  • Employee records including start dates;
  • Employee security levels and clearances;
  • Personal details, including employee home address and emails;
  • Businesses’ employee structures and hierarchies; and
  • Mobile device and OS information.

The team was able to access information from a variety of businesses worldwide:

  • United States-based organizations Union Member House, Lits Link and Phoenix Medical;
  • UK-based Associated Polymer Resources, Tile Mountain and Farla Medical;
  • Finland’s Euro Park;
  • Japan’s Inspired.Lab;
  • Belgium’s Adecco Staffing; and
  • Germany’s Identbase.de.