In a major breach of biometric systems used by the UK Metropolitan police, defence contractors, and banks, fingerprint and facial recognition information of more than 1 million people had been left exposed in a publicly accessible database.
According to The Guardian, researchers found that the biometric data on Suprema's web-based Biostar 2 platform that controls access to secure facilities, was unprotected and mostly unencrypted.
The database included 27.8 million records, totalling 23 gigabytes of data. A simple manipulation of the URL search criteria not only allowed access to the data but also permitted alterations. The vulnerability has been fixed, however, the scale of the breach was alarming as the service is in 1.5 million locations across the world.