'Atrocious' security practice caused fingerprint hack
Following news that a database of millions of fingerprints and biometric data used by banks and UK police was left publicly accessible, one cybersecurity expert has pinned the blame on atrocious security practices.
Security company Suprema’s web-based Biostar 2 biometrics lock system was found to have an unprotected and mostly unencrypted database from which the data was available.
Etienne Greeff, CTO of cybersecurity services and solutions provider SecureData, called the breach a ‘worrying warning’ about the storage of biometric data.
“It’s atrocious security practice, and I would expect better from a company whose very business is based on physical security,” he said.
“It's one thing having your password hacked, passwords can be changed and replaced. But what happens when your biometrics are hacked?
“You can’t change your voice; you can’t replace your eyes and you can’t reset your fingerprints. Those things are constant, permanent and contain genetic data that is unique to you.”
Greeff recommends that anyone who thinks they may have been affected should be careful with whom they trust your biometric information with going forward.
“This breach, among others, has shown this type of information can be lost like anything else, and while you can change your password, biometrics are irrecoverable.”
“All methods of authentication have their strengths and weaknesses. It’s when technology is mismanaged or misused that we see these breaches and hacks cropping up regularly in media column inches.”