A company that holds biometric data – such as fingerprints – has launched a staunch defence after researchers claimed to have found a million user records online.
Researchers working with VPNMentor claim to have been able to access biometric data from Suprema’s Biostar 2 program in early August. They reported accessing personal records online via companies that use Suprema’s system, having their pick of over a million.
The claims generated a great deal of interest, as they signalled the first major leak of ‘human’ data such as fingerprint scans, as opposed to details such as names, addresses and banking information.
Suprema has now issued a strongly worded rebuttal, claiming the breach was nowhere near as serious as first thought and as some have reported. After closing the loophole which caused the breach, and launching an investigation to discover what happened, Suprema claims to have found the number of leaked accounts was “significantly less” than originally reported.
In a statement, the South Korean firm claimed that researchers only had access to biometric data “for a limited period of time”. It added that no data was downloaded and nobody else accessed the data thereafter – meaning “the scope of potentially affected users is significantly less than recent public speculation.”
The research team, however, stood by their initial report. In their work, the team identified a huge cache of data, from which they took hundreds of data samples, then used Suprema’s own software to turn the raw information into visible fingerprint patterns.
That said, the team didn’t download any of this data, citing ethical reasons. This appears to be the cause of the dispute, with the researchers unable to provide hard evidence of having access to millions of records, as the leaked data was never stored.
Either way, it shows once again the importance of keeping customer data secure – especially in a world where much more personal information is being stored. With GDPR fines now being handed out to companies that do not meet the expectations put upon them, businesses simply cannot afford to let any standards slip.