It’s one thing having your password hacked – passwords can be changed and replaced. But what happens when hackers go after your biometrics? Etienne Greeff, CTO and co-founder, SecureData offers his insight.
You can’t change your voice; you can’t replace your eyes and you can’t reset your fingerprints. Those things are constant, permanent and contain genetic data that is unique to you.
The recent Biostar 2 hack – which saw thousands of citizens’ fingerprints leaked into the ether – is a worrying warning that the security grass isn’t always greener – all methods of authentication have their strengths and weaknesses. It’s when technology is mismanaged or misused that we see these breaches and hacks cropping up regularly in media column inches.
The major issue in this particular security incident is that data was seemingly not protected properly in the first place.
The biometric data, including fingerprints, weren’t hashed, which would have protected them from being reverse engineered.
On top of that, the data was stored in a publicly accessible cloud database. It’s atrocious security practice, and I would expect better from a company whose very business is based on physical security.
Businesses need to consider how they are storing biometric and genetic data, and how they are protecting it in line with GDPR.
Significant fines are already being levied; look at British Airways and Marriott. Let’s face it, no one wants one of those. Yet those affected by the incident now have data out into the world than can never be made private again.
For anyone who thinks they may be affected by this breach, I would recommend being extremely careful with whom you trust your biometric information with going forward.
This breach, among others, has shown this type of information can be lost like anything else, and while you can change your password, biometrics are irrecoverable.