Identity News Digest – July 24 2024

Welcome to FindBiometrics’ digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today:

Hack Attack Spills Leidos Internal Docs Online: Report

Leidos, a key Pentagon vendor and prominent player in the biometrics industry, has suffered a data breach, with hackers leaking internal documents online. The breach is linked to an earlier incident involving Diligent Corp., a governance, risk, and compliance solutions provider, which Leidos used for hosting internal investigation information. Leidos offers biometric solutions such as facial recognition, fingerprint identification, and iris scanning, applied in border security, law enforcement, and secure access control. The company has collaborated on significant projects, including the FBI’s Next Generation Identification system and the Department of Homeland Security’s Traveler Verification Service. Leidos has not commented on the breach, but Diligent Corp. confirmed the leak originated from a 2022 hack of Steele Compliance Solutions, acquired by Diligent in 2021.

Transact Mobile Credential Comes to University of Sydney

The University of Sydney has introduced the Transact Mobile Credential, an NFC-enabled contactless student ID system. This technology allows student IDs to be loaded onto smart devices such as smartphones and wearables, transforming them into secure, portable credentials. Users can access campus services or facilities by holding their NFC-enabled device near a reader, which securely transmits credential data to authenticate the user’s identity. The University of Sydney is the first institution in New South Wales to adopt this system, aiming to enhance security and convenience in higher education. Since its launch, nearly 80 percent of eligible users on client campuses have adopted Transact Mobile Credential, processing over $300 million in transactions.

Trampoline Park Reaches $1M Settlement of BIPA Lawsuit

Sky Zone, an indoor trampoline park company, has agreed to a settlement of over $1 million to resolve a class-action lawsuit filed under Illinois’ Biometric Information Privacy Act (BIPA). The lawsuit alleged that from April 29, 2014, to April 23, 2024, Sky Zone required employees in Illinois to scan their fingerprints without adhering to BIPA’s consent and disclosure requirements. Although denying any wrongdoing, Sky Zone settled to avoid prolonged litigation costs. Eligible employees who had their fingerprints scanned during this period can claim compensation, with amounts estimated between $350 and $650. The deadline to file a claim is July 29, 2024. This settlement is part of a larger trend of BIPA lawsuits in Illinois, prompting recent legislative amendments to the penalty structure aimed at reducing the impact on small and medium-sized businesses.

Biometric Cameras Identify Thousands of Fans Who Snuck Into Copa América Final

Biometric cameras identified over 7,000 unauthorized fans at the Copa América final between Argentina and Colombia at Hard Rock Stadium, highlighting significant security challenges at large events. The breach posed risks to legitimate attendees and prompted authorities to consider severe penalties, including criminal charges, fines, imprisonment, and potential deportation for some individuals. The incident underscores the capabilities and ethical considerations of biometric surveillance in public events. Additionally, the use of biometric entry systems is becoming more common in sports venues for operational efficiency and enhanced fan experiences. For example, the “MLB Go-Ahead Entry” system, using facial recognition technology, was recently implemented at Kansas City’s Kauffman Stadium, allowing expedited access by converting selfies into unique tokens linked to tickets, demonstrating a significant improvement in entry processing times.

Veriff Enhances Biometric Authentication Solution to Prevent Account Takeover Fraud

Veriff, a global identity verification provider, has significantly enhanced its Biometric Authentication solution to combat the rising threat of account takeover (ATO) fraud. Responding to a notable increase in AI-enabled fraudulent activities, as highlighted in Veriff’s 2024 Fraud Industry Pulse Survey, the updated solution offers features to secure user authentication processes. Improvements include higher image resolution for precise face-matching, enhanced fraud detection capabilities analyzing over 30 risk signals, and improved detection of deepfake and synthetic media. These updates aim to streamline authentication by providing robust fraud checks, liveness detection, and anti-spoofing measures, ensuring only legitimate users can access digital services. Veriff’s solution is designed to be user-centric, adapting to individual behaviors to deliver a swift and secure authentication experience, thereby reducing friction often experienced in multiple authentication sessions.

1Password Wants to Help Gauge User Readiness for Passkeys

1Password has introduced Passkey Ready, a tool designed to help developers assess their users’ readiness to transition from traditional passwords to passkeys. Passkey Ready gathers anonymized data about visitors’ devices and browsers when they access an app or website, providing developers with insights into their user base’s ability to use passkeys. Developers can implement this tool by adding a simple code snippet, and once enough data is collected, they receive a detailed report via the Passage console. This dashboard includes insights on overall passkey readiness, readiness over time, platform-specific readiness, and geographic readiness. Passkeys, created by the FIDO Alliance with support from Apple, Google, and Microsoft, use asymmetric cryptography for secure, phishing-proof authentication through biometrics. This technology aims to enhance user experience by eliminating traditional password frustrations. Previously, 1Password launched passkey support for iOS, allowing users to access their secure vaults with passwordless authentication on iOS 17 and iPadOS 17, and this feature is now available on desktop browsers and mobile devices.

—

July 24, 2024 — by Tony Bitzionis and Alex Perala