Biometric parameters (fingerprints, iris, voice, etc.) are more and more often used to identify a person and grant access to various services. Compared to traditional personal data compromising, biometric data leaks from centralized storages cause even graver consequences and, hence, are summarized by InfoWatch Analytical Center here separately.
Currently, Unique Identification Authority of India (UIDAI) holds the world’s largest biometric database containing over a billion of unique identity numbers (’Aadhaar’) of Indian citizens and residents, used, in particular, for identity verification at banks and some public agencies. In May 2017, several Indian government agencies exposed some 135 million unique identifiers. WikiLeaks claimed it was CIA that laid their hands on the biometrics of millions of Indian citizens through a cyber spying technology developed by Cross Match.
Moreover, even though Indian authorities repeatedly stressed out that UIDAI data are secure, the national storage was compromised again in early 2018, this time in its entirety.
Recently, India reported yet another vivid example of biometric data use for illicit gain. Two store owners were arrested in Surat town for using such stolen data to divert subsidized food items from initial beneficiaries.
Hacker groups have already started hunting for physiological and biological parameters. Thus, last year, hackers broke into the network of Avanti Markets, a U.S. vendor of self-service food and drink kiosks, and may have jeopardized not only customer credit card accounts, but also biometric data.
In February 2017, a computer was stolen from the Philippine Commission on Elections, resulting in the leak of the biometric data (fingerprints) of 55 million voters. Even though the data had been encrypted, you would never know what criminals could extract from it.
A similar incident happened in Ghana earlier, where four computers used by the Electoral Commission (EC) for the Biometric Voter Registration were stolen. Luckily , EC technicians backed up biometric data onto USB sticks.