FB pixel

Reported Australian biometric data breach prompts arrest and hysteria

Reported Australian biometric data breach prompts arrest and hysteria
 

An apparent data breach of personal information including face biometrics of about a million Australians has been reported, and an arrest made.

People claiming to be former developers for Outabox in the Philippines created a website claiming they have “facial recognition biometric, driver licence [sic] scan, signature, club membership data, address, birthday, phone number, club visit timestamps, slot machine usage” data. It also says the hack is a response to Outabox’ failure to pay them for 18 months.

The data was apparently collected from 19 venues in New South Wales and the Australian Capital Territory operated by ClubsNSW. The firm had contracted Outabox, a hospitality IT provider, which is the source of the allegedly breached data. Outabox received the data from systems operated by gambling machine supplier IGT, according to the website.

The claims made on the site have not been verified.

Australia has been embracing face biometrics as a tool for enforcing responsible gaming measures like self-exclusion.

Outabox and the website claiming to share the details of the breach have released statements and responses alleging and denying poor data management practices and violations of privacy regulations.

An unnamed 46 year old man was arrested in the Sydney area and is expected to be charged with blackmail, The Australian Financial Review reports. AFR also notes that the local arrest may indicate that the website registered in the Philippines may be a ruse to throw investigators off the real perpetrators’ trail.

The purported hackers’ website claims facial and driver’s licenses images were stored, the former appearing not to have been converted into templates, and therefore not directly useful for biometric comparison.

Wired wrong: “hidden danger” vs “no real risk”

Wired’s coverage refers to the “hidden danger of biometrics,” but as terms like “template” and “encryption” do not appear either on the purported hackers’ website or the news article.

“The biometric line is a good headline, but it’s likely a little hyperbolic: data that a verifier captures in order to match biometrics is not necessarily usable in other contexts and possibly poses no real risk,” cybersecurity expert Troy Hunt, who created the website Have I Been Pwned, posted on X.

This is because facial images cannot be matched by facial recognition algorithms unless the biometric data is presented in the form of a template. Reverse engineering biometric templates is possible in theory, but has yet to be observed in the wild.

Wired quotes Hunt assessment of the veracity of the claims, and even links to his posts on X, but declines to note the contradiction to its headline.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Florida tosses mDL program into the Gulf

Florida’s mobile driver’s license has been shut down, making the state a rare case in the world of a place…

 

Physical, digital spoof detection for ID documents upgraded by IDScan.net

IDScan.net is introducing new tools to detect more instances of tampering on identity documents. The new features to detect physical…

 

Social media giants face the wrath of new Australian government committee

Australia continues to harden its stance on social media. In a release from the office of Minister for Communications Michelle…

 

New Zealand trust framework looks to onboard digital ID providers

In an interview with Radio New Zealand (RNZ), Digital Identity New Zealand Executive Director Colin Wallis confirms that the country’s…

 

Google introduces passkeys for users at high risk of cyberattacks

Google users now have the option to use passkeys for account security in signing up for its Advanced Protection Program…

 

EU residency permits to exempt Brits from biometric checks at UK border

The UK government has confirmed its intention to implement the changes necessary to accommodate the European Union’s new digital Entry/Exit…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events