Suprema, a Korean company that deals primarily with biometric data authentication, has been the victim of a breach resulting in the loss of millions of individuals data. The data includes elements such as fingerprint and facial recognition details. The breached data also contains home addresses, email addresses, unencrypted usernames, and passwords of clients on the Suprema system. The breach is, to date, the most massive leak of biometric data in the world.
Suprema’s proprietary security platform named Biostar 2 was responsible for keeping that information safe. When researchers detected the leak on August 5th, they immediately contacted Suprema, and then the Biostar 2 GDPR compliance officer, but were met with no reply. The breach was only resolved on August 13th, a full eight days after the initial breach had been discovered and reported to the company. There is currently no information as to whether any malicious users had been able to access the data leaked by Suprema.
Potential for Havoc
While the unencrypted usernames and passwords are bad enough, if criminal elements manage to get their hands-on Suprema’s biometric data from the leak, it could compromise all the company’s biometric identification systems. It would also significantly reduce users’ ability to control the spread of their biometric data. Malicious users could utilize this data as they see fit and potentially gain access to all information that is encrypted behind biometric security measures.
Affected users can’t do much aside from changing their passwords. Unlike text, biometric data can’t be so easily changed. There is still hope that no criminal entities gained access to the data when it was leaked. Since Suprema deals mainly with employers, the company will need to contact and inform their clients of the loss of data and what they intend to do about it. However, the data has already left the containment of Suprema’s servers. What is more worrying was the slow speed of action that Suprema dedicated to such a massive breach.