Biometric data breach: Database exposes fingerprints, facial recognition data of 1 million people


Biometric data breach: Could cybercriminals use your biometric data to commit identity theft or other crimes?

Biometric data breach | data breach | online data breach | protecting biometric data

Do you know that the market of biometric data systems is likely to grow significantly by 2024? Biometric sensors are incorporated into more and more devices & places. With the growing adoption of biometric devices, there is a concern regarding the security.

Biometrics are being used in law enforcement, military monitoring, travel industry, employee management, healthcare, voter registration, identity and access management at enterprise level, financial institutions  and many other places.

It is vital for enterprises and individuals to understand the limitations of biometric security.

The breach of Unique Identification Authority of India’s Aadhaar Biometric system in 2018 has put the PII of more than 1 billion Indian residents at risk.1

That raises a question: Could cybercriminals use biometric data to commit identity theft or other crimes?

The answer is possibly yes.

Biometric data is personal information that includes – finger print. Palm veins, face recognition, palm print, retina, iris recognition etc.  The biometric locking facility associated with Aadhaar aims to strengthen the privacy and confidential details of Indian citizens. Your Personally Identifiable Information (PII) on the Aadhaar card includes your full name, addresses, phone number, etc.

Cybercriminals who access any of that information could potentially use it to commit identity theft — potentially entering a secured building while pretending to be you.

Biometrics is the digital representation of physical features that identify you. That sounds more complex than the sixteen digits printed on  Aadhaar card. But in both cases, it’s personal information unique to you.

What are the risks in a biometric data breach?

Biometric information is part of your identity. Unlike a password, it can’t be changed. When cybercriminals access biometric data — fingerprints, retina, facial, or voice — they gain information which can be linked to your identity forever.

A cybercriminal might try to use your biometric data at a building where you legitimately use it to gain entry — say, with your fingerprint.

Your biometric data likely won’t help cybercriminals open a credit account in your name. But biometric information has other applications. For instance, in some places, it’s used for boarding a plane. And the number of applications for biometric data is likely to increase.

Here are the risks associated with biometric data breach – 

  • Spoof attacks that compromise the user accounts by replicating the user biometrics
  • Unauthorized access on smart devices
  • The information from biometric data breach can be used in identity theft fraud

Biometric data cannot be replaced unlink credit cards and passwords. Hence, necessary measures to be taken by enterprises and government to protect biometric data.

So what can you do now?

Tips to help protect your biometric data

Your personally identifiable information is usually stored in databases, and there’s not much you can do to prevent an accidental or intentional breach.

But just as it’s a good idea to not share your Aadhaar Card number unless absolutely necessary, you can take steps to limit who collects your biometric data.

Tip 1: Rarely share your biometric data

If an employer or anyone else asks to collect your biometric data, check to see if you can supply an alternate form of identification. For instance, you might be able enter an office with a building pass, instead of your fingerprint.

Tip 2: Ask questions

It’s fair to ask, “Why do you need it and how will it be used?”

Tip 3: Ask more questions

You might consider asking about how your biometric data will be protected. Where is my biometric data going to be stored? What security measures are in place? Who will have access to my data, and how long with you keep it?

Your biometric data belongs to you. Like other types of your personal information, it has value — including to cybercriminals — and it’s a good idea to protect it.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.