{"id":11547,"date":"2019-08-28T11:00:13","date_gmt":"2019-08-28T18:00:13","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=11547"},"modified":"2024-02-01T01:21:11","modified_gmt":"2024-02-01T09:21:11","slug":"a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/","title":{"rendered":"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?"},"content":{"rendered":"<p>It\u2019s no secret that password security is often terrible.  Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and special characters \u2013 are hard to remember unless you use a password manager, which few seem to do.  As a result, people tend to choose easy-to-guess passwords like names or dates of birth, or even absurd ones like \u201cpassword\u201d and \u201c1234\u201d.  Attempts to wean people off such passwords continue to fail, and as a result many companies and organizations are trying to avoid the problem by getting rid of passwords completely.  The alternative, to use biometrics like fingerprints, iris scans and facial recognition, is well developed, and increasingly widespread.  One of the <a href=\"https:\/\/www.supremainc.com\/en\/about\/suprema.asp\">leading companies developing biometric technologies for access control<\/a> is <a href=\"https:\/\/www.supremainc.com\/en\/main.asp\">Suprema<\/a>:<\/p>\n<blockquote><p>Suprema\u2019s extensive range of portfolio includes biometric access control systems, time &amp; attendance solutions, fingerprint live scanners, mobile authentication solutions and embedded fingerprint modules. Suprema has established itself as a premium global brand in physical security industry and has worldwide sales network in over 130 countries. Suprema has no.1 market share in biometric access control in EMEA region and named to the world\u2019s top 50 security manufacturer.<\/p><\/blockquote>\n<p>According to the company\u2019s Web site, there are 1.5 million of its systems installed worldwide, used by over a billion people.  Suprema\u2019s position in this sector makes the following <a href=\"https:\/\/www.theguardian.com\/technology\/2019\/aug\/14\/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms\">news about a large-scale data breach<\/a> in its main product, <a href=\"https:\/\/www.supremainc.com\/en\/platform\/hybrid-security-platform-biostar-2.asp\">BioStar 2<\/a>, particularly concerning: \u201cIn a search last week, the researchers found Biostar 2\u2019s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.\u201d A message on Suprema\u2019s home page states: \u201cthis incident relates to a limited number of BioStar 2 Cloud API users.  The vast majority of Suprema customers do not use BioStar 2 Cloud API in their access control and time management solutions.\u201d  That may be true, but <a href=\"https:\/\/www.vpnmentor.com\/blog\/report-biostar2-leak\/\">the researchers\u2019 discussion of what was exposed<\/a> makes disturbing reading:<\/p>\n<blockquote><p>Our team was able to access over 27.8 million records, a total of 23 gigabytes of data, which included the following information:<\/p>\n<p>Access to client admin panels, dashboards, back end controls, and permissions<br>\nFingerprint data<br>\nFacial recognition information and images of users<br>\nUnencrypted usernames, passwords, and user IDs<br>\nRecords of entry and exit to secure areas<br>\nEmployee records including start dates<br>\nEmployee security levels and clearances<br>\nPersonal details, including employee home address and emails<br>\nBusinesses\u2019 employee structures and hierarchies<br>\nMobile device and OS information<\/p><\/blockquote>\n<p>The fact that passwords \u2013 including those for accounts with administrator rights \u2013 were stored by a security company in an <i>unencrypted<\/i> form is extraordinary.  As the researchers note, anyone who had found this database could use those admin passwords to take over a high-level BioStar 2 account with all user permissions and full clearances, and make changes to the security settings in an entire network. They could create new accounts, complete with fingerprints and facial scans, and give themselves access to secure areas within buildings.  Similarly, they could change the fingerprints on accounts with security clearance to grant anyone the power to enter these areas.  <\/p>\n<p>Since the admin account controls activity logs, criminals could delete or alter the data to hide their activities. In other words, access to these passwords allows anyone to enter any part of a supposedly secure building invisibly, leaving no trace of their presence.  This would allow the theft of valuable objects that are held on the premises.  More seriously, perhaps, it would allow physical access to computer departments, which might make further access to networks and sensitive data easier.<\/p>\n<p>The problems don\u2019t end there.  The list of highly-personal information such as employment records, email addresses, and home addresses exposed on the database would make both identify fraud and phishing a real risk.  It would also identify the key employees within companies using the BioStar 2 system.  That would make them more vulnerable to threats of blackmail by criminals. But perhaps the most serious problem is the following one noted by the researchers:<\/p>\n<blockquote><p>The use of biometric security like fingerprints is a recent development. As such, the full potential danger in having your fingerprints stolen is still unknown. <\/p>\n<p>However, the important thing to remember is that once it\u2019s stolen, unlike passwords, your fingerprint can\u2019t be changed. <\/p>\n<p>This makes fingerprint data theft even more concerning. Fingerprints are replacing typed passwords on many consumer items, like phones. Most fingerprint scanners on consumer goods are unencrypted, so when a hacker develops technology to replicate your fingerprint, they will gain access to all the private information such as messages, photos, and payment methods stored on your device. <\/p><\/blockquote>\n<p>According to the researchers who discovered this exposed database, instead of storing a hash of the fingerprint \u2013 a mathematically scrambled version that can\u2019t be reverse-engineered \u2013 Suprema saved people\u2019s actual fingerprints in digital form, which can therefore be copied and used directly for malicious purposes.  There are already many ways of creating fake fingerprints good enough to fool biometric systems.  If the full fingerprint data is available, such fake versions stand a good chance of defeating even the best biometric security.<\/p>\n<p>The potential exfiltration of so many fingerprints in the case of the BioStar 2 system makes answering the question \u201cwhat happens when someone has a copy of your biometric data?\u201d even more urgent.  As people have been pointing out for years, you can\u2019t change your biometrics, short of surgery.  Or, as Suprema says on its Web site: \u201cBiometrics is the key that defines us.\u201d  Given that central, immutable fact, maybe it\u2019s time to demand that biometrics should only be used when absolutely necessary \u2013 not as a matter of routine.  And that if they are used, they must \u2013 by law \u2013 be protected with the highest levels of security available.  Meanwhile, passwords, not biometrics, should be used in most situations requiring a check before granting access.  At least they can be changed if a database holding them is compromised.  And instead of pushing people to choose and remember better passwords \u2013 a forlorn hope \u2013 we should instead help them install and use password managers.<\/p>\n<p>Featured image by <a href=\"https:\/\/www.supremainc.com\/en\/about\/suprema.asp#n\">Suprema<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s no secret that password security is often terrible. Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and special characters \u2013 are hard to remember unless you use a password manager, which few seem to do. As a result, people tend to choose easy-to-guess passwords like &hellip; <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":20,"featured_media":11548,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":false,"_modified_date":"","footnotes":""},"categories":[12,1],"tags":[502,1103,503,746,1004],"class_list":["post-11547","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-news","tag-biometrics","tag-data-breach","tag-fingerprints","tag-password-manager","tag-passwords"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?<\/title>\n<meta name=\"description\" content=\"It&#039;s no secret that password security is often terrible. Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?\" \/>\n<meta property=\"og:description\" content=\"It&#039;s no secret that password security is often terrible. Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\" \/>\n<meta property=\"og:site_name\" content=\"PIA\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/privateinternetaccess\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-28T18:00:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-01T09:21:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1350\" \/>\n\t<meta property=\"og:image:height\" content=\"737\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Glyn Moody\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@http:\/\/twitter.com\/glynmoody\" \/>\n<meta name=\"twitter:site\" content=\"@buyvpnservice\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Glyn Moody\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\"},\"author\":{\"name\":\"Glyn Moody\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\"},\"headline\":\"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?\",\"datePublished\":\"2019-08-28T18:00:13+00:00\",\"dateModified\":\"2024-02-01T09:21:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\"},\"wordCount\":1027,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png\",\"keywords\":[\"biometrics\",\"data breach\",\"fingerprints\",\"password manager\",\"passwords\"],\"articleSection\":[\"Cybersecurity\",\"General Privacy News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\",\"name\":\"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png\",\"datePublished\":\"2019-08-28T18:00:13+00:00\",\"dateModified\":\"2024-02-01T09:21:11+00:00\",\"description\":\"It's no secret that password security is often terrible. Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and\",\"breadcrumb\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png\",\"width\":1350,\"height\":737},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.privateinternetaccess.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"name\":\"PIA\",\"description\":\"Online privacy news from around the world.\",\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\",\"name\":\"Private Internet Access\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"width\":1200,\"height\":1200,\"caption\":\"Private Internet Access\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/privateinternetaccess\/\",\"https:\/\/x.com\/buyvpnservice\",\"https:\/\/www.instagram.com\/piavpn\/\",\"https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\",\"name\":\"Glyn Moody\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"caption\":\"Glyn Moody\"},\"description\":\"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \\\"Rebel Code,\\\" is the first and only detailed history of the rise of open source, while his subsequent work, \\\"The Digital Code of Life,\\\" explores bioinformatics - the intersection of computing with genomics.\",\"sameAs\":[\"http:\/\/opendotdotdot.blogspot.com\/\",\"https:\/\/www.linkedin.com\/in\/glynmoody\/\",\"https:\/\/x.com\/http:\/\/twitter.com\/glynmoody\"],\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?","description":"It's no secret that password security is often terrible. Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/","og_locale":"en_US","og_type":"article","og_title":"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?","og_description":"It's no secret that password security is often terrible. Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and","og_url":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/","og_site_name":"PIA","article_publisher":"https:\/\/www.facebook.com\/privateinternetaccess\/","article_published_time":"2019-08-28T18:00:13+00:00","article_modified_time":"2024-02-01T09:21:11+00:00","og_image":[{"width":1350,"height":737,"url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png","type":"image\/png"}],"author":"Glyn Moody","twitter_card":"summary_large_image","twitter_creator":"@http:\/\/twitter.com\/glynmoody","twitter_site":"@buyvpnservice","twitter_misc":{"Written by":"Glyn Moody","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#article","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/"},"author":{"name":"Glyn Moody","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775"},"headline":"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?","datePublished":"2019-08-28T18:00:13+00:00","dateModified":"2024-02-01T09:21:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/"},"wordCount":1027,"commentCount":0,"publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png","keywords":["biometrics","data breach","fingerprints","password manager","passwords"],"articleSection":["Cybersecurity","General Privacy News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/","name":"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png","datePublished":"2019-08-28T18:00:13+00:00","dateModified":"2024-02-01T09:21:11+00:00","description":"It's no secret that password security is often terrible. Good passwords \u2013 ones that are long and include a mix of lower case, upper case, numbers, and","breadcrumb":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#primaryimage","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/08\/suprema-biometrics.png","width":1350,"height":737},{"@type":"BreadcrumbList","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-major-data-breach-in-the-access-platform-biostar-2-raises-the-question-what-happens-when-your-biometric-data-is-exfiltrated-from-a-system\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.privateinternetaccess.com\/blog\/"},{"@type":"ListItem","position":2,"name":"A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?"}]},{"@type":"WebSite","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website","url":"https:\/\/www.privateinternetaccess.com\/blog\/","name":"PIA","description":"Online privacy news from around the world.","publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization","name":"Private Internet Access","url":"https:\/\/www.privateinternetaccess.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","width":1200,"height":1200,"caption":"Private Internet Access"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/privateinternetaccess\/","https:\/\/x.com\/buyvpnservice","https:\/\/www.instagram.com\/piavpn\/","https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w"]},{"@type":"Person","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775","name":"Glyn Moody","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","caption":"Glyn Moody"},"description":"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \"Rebel Code,\" is the first and only detailed history of the rise of open source, while his subsequent work, \"The Digital Code of Life,\" explores bioinformatics - the intersection of computing with genomics.","sameAs":["http:\/\/opendotdotdot.blogspot.com\/","https:\/\/www.linkedin.com\/in\/glynmoody\/","https:\/\/x.com\/http:\/\/twitter.com\/glynmoody"],"url":"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/"}]}},"_links":{"self":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/11547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/comments?post=11547"}],"version-history":[{"count":12,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/11547\/revisions"}],"predecessor-version":[{"id":11562,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/11547\/revisions\/11562"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media\/11548"}],"wp:attachment":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media?parent=11547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/categories?post=11547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/tags?post=11547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}