Close this search box.

Major Biometric Data Breach Discovered

Table of Contents

[fusion_builder_container type=”flex” hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”true” min_height=”” hover_type=”none” link=”” border_sizes_top=”” border_sizes_bottom=”” border_sizes_left=”” border_sizes_right=”” first=”true”][fusion_text columns=”” column_min_width=”” column_spacing=”” rule_style=”default” rule_size=”” rule_color=”” content_alignment_medium=”” content_alignment_small=”” content_alignment=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” class=”” id=”” margin_top=”” margin_right=”” margin_bottom=”” margin_left=”” font_size=”” fusion_font_family_text_font=”” fusion_font_variant_text_font=”” line_height=”” letter_spacing=”” text_transform=”none” text_color=”” animation_type=”” animation_direction=”left” animation_speed=”0.3″ animation_offset=””]

Data breach discovered: In the early weeks of August 2019, millions of fingerprints, facial recognition information, login credentials, and personal information were accidentally made public by Suprema Security. The firm involved is used by banks, governments, and policing bodies from all over the world – making this a particularly troubling data breach.

Fortunately, on this occasion, the breach was found by a group of white hat hackers (also known as ethical hackers) rather than criminals. White hat hackers look for vulnerabilities in big businesses and inform them of these gaps in cyber security so that they’re more cyber secure.

So, What Happened?

Suprema are responsible for a biometrics system called BioStar 2. This system supplies businesses with secure access to facilities, such as office buildings or warehouses. BioStar 2 uses fingerprints and facial recognition to grant access to these workplaces.

Recently, Suprema integrated its biometrics system into AEOS, another system used by nearly 6000 businesses around the world – including the UK Metropolitan Police.

vpnmentor, the group who discovered the breach, found that BioStar 2’s database was barely encrypted, meaning it was stored unsecurely, and therefore vulnerable to exploitation by those with the know-how.

It wasn’t just fingerprints that were publicly available, but photographs, facial recognition information, names, addresses, and passwords too.

Commenting on the breach, Suprema stated:

“If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets”

This is troubling because if the hack had been discovered by criminals, rather than ethical hackers, then 27.8m records could very easily have been posted all over the internet, including the dark web.

Biometrics are not what you want being made publicly available either. Passwords can be changed, but fingerprints cannot.

How this discovered data breach could have been more serious

Because the data wasn’t encrypted, people were able to see the data in plain text.

This meant that vpnmentor researchers were able to see who was entering any building running on BioStar 2 in real time and view all of their personal information stored on file. They were also able to alter the data and even add new users – meaning that unauthorised personnel could actually enter the buildings themselves.

Suprema provides data security to over 1.5 million companies worldwide. If every one of these companies had their important data released online then they were all at risk of falling victim to a cyber attack or data breach.

The breached data, which was discovered on 5th August 2019, was secured again on 13th August 2019. This means that, at this point, there is no proof that any information has made it into the hands of criminals, but the investigation continues.

To measure your cyber security capabilities, download our Cyber Security Rating Report.

To find out more about keeping your business safe,
email Neuways at or call us on 01283 753 333


Want to keep up with our blog?

Get our most valuable tips right inside your inbox, once per month!

Latest IT News & Insights
Phishing Awareness Training
How To React To The Rise In Quality of Phishing Attacks
Be Cybersafe, stay informed, stay vigilant, and let Neuways help you build a strong and secure defence...
Read More
IT Support issues can be resolved by working with companies like Neuways
IT Support issue caused Cornwall Hospital Disruption - Not Cyber Attack
IT Support issues - It's all about backup protocols. These Issues caused disruption in Cornwall. but...
Read More
Neuways explain how to help move IT offices seamlessly.
How to seamlessly move offices without your IT being affected
Moving offices as a business does not have to be complicated. Make life easier for your team by enlisting...
Read More
Choose Neuways for your IT Support, Cyber Security and Business Central needs.
Become Cybersafe: Listen to our Cybersafe Digest Podcast
As leaders of businesses and companies, the weight of safeguarding your company’s assets, reputation,...
Read More
Use a password manager tool like the ones recommended from Neuways
Best thing about using a Password Manager tool
When using a password manager tool, you can store all your login details in one accessible place. It's...
Read More
Cyber Security Representation
The Critical Need for Businesses to Strengthen Cyber Security in the Age of AI
Businesses must take note of the dangers of AI and Cyber Security. In our latest blog we explain the...
Read More
IT Support in Derby from Neuways
What Questions should you be asking your IT Support Provider?
Choosing the right managed IT service provider (MSP) is crucial for your business’s success, and...
Read More
Microsoft Dynamics 365 Business Central Main Product Mockup Showcase ERP
Why Business Central enhances and streamlines solutions
See how Microsoft Dynamics 365 Business Central enhances business solutions and streamlines the processes...
Read More

Frequently Asked Questions

As a leading IT and technology provider, we offer three core services, all of which have additional add-ons. We offer Managed IT Support, Business Central implementation and consultation, as well as Managed Cyber Security. Call us on 01283 753333 if you are interested in any of our services.

Contact us

Support: 01283 753300

Business Development: 01283 753333

Purchasing: 01283 753322

Admin and Accounts: 01283 753311


Managed IT support is a comprehensive solution where an expert IT provider, like Neuways, handles your technology infrastructure. This includes proactive monitoring, maintenance, cyber security, and support.

Yes we do. Your business needs Cyber Security due to the increasing number of cyber threats that are affecting businesses in all industries. If your business has data and technology systems implemented, you will need Managed Cyber Security.

Yes we can. We have our own dedicated Microsoft Dynamics 365 Business Central teams who work to ensure that we can implement the right systems and solutions into your website that are absolute right for you. 

Exclaimer Pro is a dynamic email signature that helps clients to switch and change around email signatures so that clients are able to advertise different offers and brands to a variety of email recipients. Administrators can also manage user emails internally, meaning the user does not have to touch their own email signature.

We offer Managed Security Training to help employees spot email phishing attacks, spear phishing attacks and vishing attacks. We also help train clients on how to use the various pieces of software we provide to clients, like Exclaimer Pro, Business Central and Cybersafe software.

We are a Managed IT Support provider based in Derby, East Midlands. However, we cover so many areas including the whole of the UK, Europe, and America. We are always willing to travel and send our expert technicians to ensure you have the best experience. 

Got a question?

Reach out
& Connect

Please enable JavaScript in your browser to complete this form.