Biometric records containing more than a million fingerprints has been left exposed in a publicly accessible database that included a total of 27.8 million records that featured facial images, uncrypted user names, passwords, employee records and logs of entry to secure areas, among other sensitive information.
Researchers say that the sensitive data belongs to Suprema, a security company who has a vast amount of clients in the financial and government sector. One of their products, BioStar, is a lock that uses fingerprints and facial recognition software that grants access to secure facilities, which increases public fear that the breach can lead to physical breaches.
The researchers say that the vulnerability was discovered early August and Suprema was contacted two days later after the discovery. However, the company did not fix the vulnerability after the researchers contacted them multiple times.