A significant data breach has exposed the sensitive biometric information of thousands of law enforcement officials and police applicants in India, with lost PII including fingerprints, facial images, and other personal details.
Security researcher and Security Discovery co-founder Jeremiah Fowler discovered the leak on an exposed server linked to ThoughtGreen Technologies. The trove contained nearly 500 gigabytes of data from 2021 to early April. The data included verification documents of teachers, railway workers, and law enforcement personnel, highlighting the risks associated with biometric data storage.
The exposed data underscores the dangers associated with storing biometric information, in part because biometric details such as fingerprints and facial images cannot be changed, posing a perpetual risk once compromised.
“You can change your name, you can change your bank information, but you can’t change your actual biometrics,” Fowler told Wired.
Further complicating matters, Fowler discovered a Telegram channel advertising the sale of similar biometric police data from India. Although he couldn’t fully verify that this was the data that was leaked in the India breach, the resemblance to the exposed information raises concerns about the potential spread and misuse of such data by criminals.
Prateek Waghre, executive director of the Internet Freedom Foundation, points out that the vast collection of biometric data in India, especially among government employees, presents significant security risks.
“A lot of times, the verification that government employees or officers use also relies on biometric systems,” said Waghre. “If you have that potentially compromised, you are in a position for someone to be able to misuse and then gain access to information that they shouldn’t.”
The incident suggests the need for stronger data protection laws and more stringent data handling practices. As global reliance on biometric data for identity verification grows, so does the risk of such data being leaked and abused, calling for enhanced security measures and accountability in data storage and management.
Source: Wired
—
May 24, 2024 — by Tony Bitizionis