Biometric security firm leaks fingerprints
15 August 2019
SENSITIVE DATA, including more than a million fingerprints, has been exposed online by Biostar security software.
Cyber security firm VPNMentor managed to access data from Biostar 2, a web-based security platform that is used by thousands of companies including the Metropolitan Police.
Researchers have revealed that they managed to access facial recognition data, names, addresses and passwords. Suprema, the company providing this software, have said they are addressing the issue. In total, 23 gigabytes of data containing nearly 30 million records were found exposed online. According to VPNMentor, it discovered that the data was exposed on 5 August and the data was made private on 13 August. It has not been confirmed how long the data was left accessible.
In a blog posting on its website, VPNMentor said: "This is a huge leak that endangers both the businesses and organizations involved, as well as their employees. Our team was able to access over 1 million fingerprint records, as well as facial recognition information. Combined with the personal details, usernames, and passwords, the potential for criminal activity and fraud is massive.
"After we discovered the breach in BioStar 2’s database, we contacted the company alerting them of our findings. However, we found BioStar 2 generally very uncooperative throughout this process. Our team made numerous attempts to contact the company over email, to no avail. Eventually, we decided to reach out to BioStar 2’s offices by phone. Again, the company was largely unresponsive.
"Upon speaking to a member of their German team, we received a mumbled reply that “we don’t speak to vpnMentor”, before the phone was suddenly hung up. This suggests they were aware of us, and our attempts to resolve the issue. We also tried to contact BioStar 2’s GDPR compliance officer but received no reply."