I have insisted that the push for “biometric data” in major applications and by business is a horrible idea because inevitably there will be “unintentional data breaches”, as which time such information WILL be stolen. Since biometric data is not like a credit card number which can be changed as it is permanent, this allows thieves to have permanent access to a person’s data with nothing the victim can do.
The infamous American corporate world is insisting that people “trust” their decisions on this matter because they say that such problems will not happen because of “security”.
However, a major data breach with a fingerprinting company as reported by CNET left tens of thousands of customers’ biometric data exposed to the public.
A web server containing records of about 76,000 unique fingerprints was left exposed on the internet, researchers said Wednesday. The unsecured fingerprint data, as well as employee email addresses and telephone numbers, had been collected by Brazilian company Antheus Tecnologia.
The database, which contained nearly 2.3 million data points, most of which were server access logs, has now been secured, according to Anurag Sen, the researcher who published his findings with antivirus review site Safety Detectives. The fingerprint data was stored as a binary data stream, which is a string of ones and zeroes. Sen said bad actors may be able to turn that data back into a biometric image of a fingerprint. (source)
There is no such thing as a “foolproof” system.
Any system can be hacked.
There is no such thing as “this time it is different” because times change but the nature of man does not.
It is a lesson that many would not have to like to remember or would like to consider themselves and exception to, but this is never the case.
It is another reason why the use of biometric data in popular applications is not a step forward in advancing technology, but a step backwards, for sometimes the safest ways of keeping data are also the simplest.