SkipToMainContent

Emerging Threats

Biometric data breach: Database exposes fingerprints, facial recognition data of 1 million people

Biometric data breach | data breach | online data breach | protecting biometric data

Do you know that the market of biometric data systems is likely to grow significantly by 2024? Biometric sensors are incorporated into more and more devices & places. With the growing adoption of biometric devices, there is a concern regarding the security.

Biometrics are being used in law enforcement, military monitoring, travel industry, employee management, healthcare, voter registration, identity and access management at enterprise level, financial institutions  and many other places.

Try Norton 360 FREE 14-Day Trial* - Includes Norton Secure VPN

Comprehensive Device Security including Antivirus, Password Manager and more.

*Terms Apply

It is vital for enterprises and individuals to understand the limitations of biometric security.

The breach of Unique Identification Authority of India’s Aadhaar Biometric system in 2018 has put the PII of more than 1 billion Indian residents at risk.1

That raises a question: Could cybercriminals use biometric data to commit identity theft or other crimes?

The answer is possibly yes.

Biometric data is personal information that includes – finger print. Palm veins, face recognition, palm print, retina, iris recognition etc.  The biometric locking facility associated with Aadhaar aims to strengthen the privacy and confidential details of Indian citizens. Your Personally Identifiable Information (PII) on the Aadhaar card includes your full name, addresses, phone number, etc.

Cybercriminals who access any of that information could potentially use it to commit identity theft — potentially entering a secured building while pretending to be you.

Biometrics is the digital representation of physical features that identify you. That sounds more complex than the sixteen digits printed on  Aadhaar card. But in both cases, it’s personal information unique to you.

What are the risks in a biometric data breach?

Biometric information is part of your identity. Unlike a password, it can’t be changed. When cybercriminals access biometric data — fingerprints, retina, facial, or voice — they gain information which can be linked to your identity forever.

A cybercriminal might try to use your biometric data at a building where you legitimately use it to gain entry — say, with your fingerprint.

Your biometric data likely won’t help cybercriminals open a credit account in your name. But biometric information has other applications. For instance, in some places, it’s used for boarding a plane. And the number of applications for biometric data is likely to increase.

Here are the risks associated with biometric data breach – 

  • Spoof attacks that compromise the user accounts by replicating the user biometrics
  • Unauthorized access on smart devices
  • The information from biometric data breach can be used in identity theft fraud

Biometric data cannot be replaced unlink credit cards and passwords. Hence, necessary measures to be taken by enterprises and government to protect biometric data.

So what can you do now?

Tips to help protect your biometric data

Your personally identifiable information is usually stored in databases, and there’s not much you can do to prevent an accidental or intentional breach.

But just as it’s a good idea to not share your Aadhaar Card number unless absolutely necessary, you can take steps to limit who collects your biometric data.

Tip 1: Rarely share your biometric data

If an employer or anyone else asks to collect your biometric data, check to see if you can supply an alternate form of identification. For instance, you might be able enter an office with a building pass, instead of your fingerprint.

Tip 2: Ask questions

It’s fair to ask, “Why do you need it and how will it be used?”

Tip 3: Ask more questions

You might consider asking about how your biometric data will be protected. Where is my biometric data going to be stored? What security measures are in place? Who will have access to my data, and how long with you keep it?

Your biometric data belongs to you. Like other types of your personal information, it has value — including to cybercriminals — and it’s a good idea to protect it.

Try Norton 360 FREE 14-Day Trial* - Includes Norton Secure VPN

Comprehensive Device Security including Antivirus, Password Manager and more.

*Terms Apply

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.