A cyber threat research group discovered a breach that exposes data on 76,000 fingerprints, including 2 million bits of data.
Antheus Tecnologia develops and manages automated fingerprint identification systems. The Brazilian firm handles employee fingerprint ID for various companies across the world.
Unfortunately, the security company may have a problem keeping its users’ data safe. As it turns out, Antheus Tecnologia left 16 gigabytes of sensitive information about client ID and biometric details unsecured on its servers.
SafetyDetectives.com, a team of researchers that specializes in analyzing antivirus software, discovered the breach. The researchers also mentioned that the breach had been secured.
How A Security Firm Exposed 76,000 Fingerprint Data
According to the researchers, the Antheus server employed weak measures for controlling system access. In other words, the security firm’s server may not be as well protected as it should be.
But that’s not the biggest problem. The most alarming part is the insecure method that Antheus Tecnologia used to store information.
The security firm stored actual fingerprint images as well as index logs of company employees. And this would make it easy for hackers to match and use the data for criminal activity.
A researcher from the cyber threat group, Anurag Sen, explained:
“Instead of saving a hash of the fingerprint (that cannot be reverse-engineered), Antheus is saving people’s actual fingerprints through rudimentary encoding which can then be replicated for malicious purposes.”
The security breach is troubling, and here’s why.
Why Biometric Data Theft Is a Big Deal
We now rely on biometric data to access everything, from smartphones and personal computers to banking and business institutions.
In an average password breach or malware infection, a user can change a password. The company could even release a software patch to eliminate the threat.
But biometric data are different. You can’t upgrade or change your fingerprint, just as your facial recognition and iris scan data are permanent.
So, a breach in these areas exposes users to identity and financial theft. Attackers will also have access to classified information, which could lead to extortion or blackmail.