Skip to main content

Biometric Breach Exposes Fingerprints, Facial Data And Personal Info

By August 24, 2019May 16th, 2022Cybersecurity

Do you employ a biometric security solution at your company to control building access?

If your solution employs BioStar 2 technology (which is often integrated into third-party systems such as Nedap’s AEOS access control system), you have cause for concern. Recently, researchers from vpnMentor announced that they uncovered a massive database.

It is about 23 gigabytes in size and houses 27.8 million records including fingerprints and facial recognition images. These are mostly un-encrypted and publicly available.  In addition to the above, the exposed data also included employee names, usernames and passwords.

Worse, using the information contained in the database, the researchers who made the discovery were able to trace the precise movement of individual employees throughout physical facilities. That along with their security clearance levels and their home and email addresses. This kind of exposure is catastrophic.  It allows hackers an unprecedented view into the inner workings of any exposed company, and it renders the security infrastructure of any building using BioStar 2’s technology completely useless.

Worst of all, Suprema, the company that makes BioStar 2, has been unusually uncooperative and unresponsive about the matter.  They fixed the issue with the exposed database eight days after it was reported by vpnMentor.

A few days after that, made a terse formal reply, which reads, in part, as follows:

“Suprema is aware of the reports in the press regarding its BioStar 2 platform and the alleged unauthorized access to data involving vpnMentor.  The Company takes any report of this nature very seriously.  It is investigating the allegations in the press reports and will liaise with any appropriate third parties and/or individuals as necessary.”

If your firm utilizes any security solution built around BioStar 2, at a minimum, you should immediately change your password and the passwords associated with all of your employees.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.