Norton Logo
Please select your country/region
  1. Blog Home
  2. Emerging Threats
  3. Biometric data breach: Database exposes fingerprints, facial recognition data of 1 million people

Biometric data breach: Database exposes fingerprints, facial recognition data of 1 million people

Biometric data breach: Could cybercriminals use your biometric data to commit identity theft or other crimes?

Image
Norton logo
  • Written by Norton
  • Published August 08, 2018 2 min read

Biometric data breach | data breach | online data breach | protectingĀ biometric data

Do you know that the market of biometric data systemsĀ is likely to grow significantly by 2024? Biometric sensors are incorporatedĀ into more and more devices & places. With the growing adoption of biometricĀ devices, there is a concern regarding the security.

Biometrics are being used in law enforcement, militaryĀ monitoring, travel industry, employee management, healthcare, voterĀ registration, identity and access management at enterprise level, financialĀ institutions Ā and many other places.

It is vital for enterprises and individuals toĀ understand the limitations of biometric security.

The breach of Unique Identification Authority ofĀ Indiaā€™s Aadhaar Biometric system in 2018 has put the PII of more than 1 billionĀ Indian residents at risk.1

That raises a question: Could cybercriminals useĀ biometric data to commit identity theft or other crimes?

The answer is possibly yes.

Biometric dataĀ isĀ personal information that includes ā€“ finger print. Palm veins, faceĀ recognition, palm print, retina, iris recognition etc.Ā  The biometric locking facility associatedĀ with Aadhaar aims to strengthen the privacy and confidential details of IndianĀ citizens. Your Personally Identifiable Information (PII) on the Aadhaar cardĀ includes your full name, addresses, phone number, etc.

Cybercriminals who access any of that informationĀ could potentially use it to commit identity theft ā€” potentially entering aĀ secured building while pretending to be you.

Biometrics is the digital representation of physicalĀ features that identify you. That sounds more complex than the sixteen digitsĀ printed onĀ  Aadhaar card. But in both cases, itā€™s personal informationĀ unique to you.

What are the risks in a biometric data breach?

Biometric information is part of your identity. UnlikeĀ a password, it canā€™t be changed. When cybercriminals access biometric data ā€”Ā fingerprints, retina, facial, or voice ā€” they gain information which can beĀ linked to your identity forever.

A cybercriminal might try to use your biometric dataĀ at a building where you legitimately use it to gain entry ā€” say, with yourĀ fingerprint.

Your biometric data likely wonā€™t help cybercriminalsĀ open a credit account in your name. But biometric information has otherĀ applications. For instance, in some places, itā€™s used for boarding a plane. AndĀ the number of applications for biometric data is likely to increase.

Here are the risks associated with biometric dataĀ breach ā€“Ā 

  • Spoof attacks that compromise the user accounts by replicating the user biometrics
  • Unauthorized access on smart devices
  • The information from biometric data breach can be used in identity theft fraud

Biometric data cannot be replaced unlink credit cards and passwords. Hence, necessary measures to be taken by enterprises and government to protect biometric data.

So what can you do now?

Tips to help protect your biometric data

Your personally identifiable information is usually stored in databases, and thereā€™s not much you can do to prevent an accidental or intentional breach.

But just as itā€™s a good idea to not share your Aadhaar Card number unless absolutely necessary, you can take steps to limit who collects your biometric data.

Tip 1: Rarely share your biometric data

If an employer or anyone else asks to collect your biometric data, check to see if you can supply an alternate form of identification. For instance, you might be able enter an office with a building pass, instead of your fingerprint.

Tip 2: Ask questions

Itā€™s fair to ask, ā€œWhy do you need it and how will it be used?ā€

Tip 3: Ask more questions

You might consider asking about how your biometric data will be protected. Where is my biometric data going to be stored? What security measures are in place? Who will have access to my data, and how long with you keep it?

Your biometric data belongs to you. Like other types of your personal information, it has value ā€” including to cybercriminals ā€” and itā€™s a good idea to protect it.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note:Ā Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.Ā 

Contents

    Related articles

    Want more?

    Follow us for all the latest news, tips and updates.

    Twitter
    Instagram
    Facebook
    YouTube