FB pixel

Reported Australian biometric data breach prompts arrest and hysteria

Reported Australian biometric data breach prompts arrest and hysteria
 

An apparent data breach of personal information including face biometrics of about a million Australians has been reported, and an arrest made.

People claiming to be former developers for Outabox in the Philippines created a website claiming they have “facial recognition biometric, driver licence [sic] scan, signature, club membership data, address, birthday, phone number, club visit timestamps, slot machine usage” data. It also says the hack is a response to Outabox’ failure to pay them for 18 months.

The data was apparently collected from 19 venues in New South Wales and the Australian Capital Territory operated by ClubsNSW. The firm had contracted Outabox, a hospitality IT provider, which is the source of the allegedly breached data. Outabox received the data from systems operated by gambling machine supplier IGT, according to the website.

The claims made on the site have not been verified.

Australia has been embracing face biometrics as a tool for enforcing responsible gaming measures like self-exclusion.

Outabox and the website claiming to share the details of the breach have released statements and responses alleging and denying poor data management practices and violations of privacy regulations.

An unnamed 46 year old man was arrested in the Sydney area and is expected to be charged with blackmail, The Australian Financial Review reports. AFR also notes that the local arrest may indicate that the website registered in the Philippines may be a ruse to throw investigators off the real perpetrators’ trail.

The purported hackers’ website claims facial and driver’s licenses images were stored, the former appearing not to have been converted into templates, and therefore not directly useful for biometric comparison.

Wired wrong: “hidden danger” vs “no real risk”

Wired’s coverage refers to the “hidden danger of biometrics,” but as terms like “template” and “encryption” do not appear either on the purported hackers’ website or the news article.

“The biometric line is a good headline, but it’s likely a little hyperbolic: data that a verifier captures in order to match biometrics is not necessarily usable in other contexts and possibly poses no real risk,” cybersecurity expert Troy Hunt, who created the website Have I Been Pwned, posted on X.

This is because facial images cannot be matched by facial recognition algorithms unless the biometric data is presented in the form of a template. Reverse engineering biometric templates is possible in theory, but has yet to be observed in the wild.

Wired quotes Hunt assessment of the veracity of the claims, and even links to his posts on X, but declines to note the contradiction to its headline.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events