Suprema issues statement on biometric records exposure

 

Suprema has responded to the recent cybersecurity incident in which unencrypted biometric records from the BioStar 2 access control system were exposed to the internet.

“There are no indications that the data was downloaded during the incident based on the investigation to date. Please rest assured that this incident relates to a limited number of BioStar 2 Cloud API users. The vast majority of Suprema customers do not use BioStar 2 Cloud API in their access control and time management solutions,” Suprema Inc. President Young S. Moon says in a statement.

“We launched an internal investigation and immediately closed the access point. We also engaged a leading global forensics firm to conduct an in-depth investigation into the incident. Based on their investigation to date, they have confirmed that no further access has occurred and that the scope of potentially affected users is significantly less than recent public speculation.

“We are currently in the process of identifying potentially affected parties and engaging the relevant authorities and regulators. We will inform any impacted parties with additional information as soon as feasibly possible.

“While we are unable to provide further details at this stage, as investigations are ongoing, it remains our priority to continue providing outstanding products and services to our customers as well as our distributors.”

Security researcher Noam Rotem questioned the preliminary findings of the third-party forensics investigator in comments to Verdict.

“They never asked us where we accessed the data from, so they cannot know who accessed it,” Rotem said. “We always take the trouble of accessing these systems from at least two separate countries exactly for this purpose.”

The company may have been able to trace the leak through server logs, but according to Rotem, if it has access to them, it would “know from which IP addresses the data was accessed, and not necessarily the identity of the people who accessed it. But at least they’d have a number to know how many people accessed it, when, and what did they do.”

Verdict also reports that the UK’s Information Commissioner’s Office has said it is aware of media reports on the matter and will look into it.
