FB pixel

Data breach raises questions about Fractal ID’s decentralized identity architecture

Categories Biometric R&D  |  Biometrics News  |  Trade Notes
Data breach raises questions about Fractal ID’s decentralized identity architecture
 

A data breach at decentralized digital identity verification provider Fractal ID has exposed the ID documents and facial images of thousands of users and sparked online criticism of the company. A hacker gained unauthorized access to a platform operator’s account, and ran an API script for about 2 hours and 15 minutes last Sunday, according to the public breach notification.

Fractal ID has over 1 million users, according to its website, and the breach affected 0.5 percent, meaning 5 thousand of them. The company confirmed in an email to Biometric Update that about 6,3000 of 1.1 million users were affected.

The breached data includes users’ names, email addresses, digital wallet addresses, physical addresses, phone numbers, facial images and uploaded photos of documents like passports and driver’s licenses.

The company says it first contacted affected users and took immediate steps to mitigate the breach’s impact, and has now implemented additional security measures. The relevant data protection authorities and police have been contacted. Clients’ systems are unaffected, Fractal ID says.

The lack of centralized data repositories that function as honeypots drawing the attention of malicious actors is one of the main selling points for decentralized digital identity. Fractal ID refers to “selective data access and revocations at a user level” on its website, and is also a building partner of decentralized storage platform idOS, which raises questions about how the operator account was able to access so many records.

“Data breaches can result in the accessed data being shared with third parties or used for commercial purposes,” the company states. “We encourage affected users to be cautious of unsolicited communications requesting additional personal information.”

But skilled hackers in possession of the breached data likely have all the personal information they need to carry out fraud in the name of Fractal ID users.

This post was updated at 4:59pm Eastern on July 18, 2024 to correct the number of users affected.

Related Posts

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Women in Identity prepares ID Code of Conduct phase 3, on costs of ID exclusion

Identity and ID documents aren’t the same thing – but, in administrative terms, they might as well be. Without identification,…

 

Somalia officially launches printing process of new national ID card

The government of Somalia says the printing of its new generation national ID cards is now officially underway. The country’s…

 

Facial recognition for borders and travel: 2025 trends and insights

By Vito Fabbrizio Managing Director, Biometrics Business Unit, HID The world of biometrics is constantly evolving, and 2024 was a transformative…

 

Azerbaijan president approves 2025-2027 digital ID, govt strategy

President Ilham Aliyev of Azerbaijan has issued a decree activating the “Digital Development Concept of the Republic of Azerbaijan,” a…

 

Mobile driver’s licenses coming to the UK this year

The UK government is planning to issue digital driver’s licenses this year with legal backing to be accepted as proof…

 

Guyana national digital ID project gets $4.8M in 2025 budget

The government of Guyana has allocated $1 billion (US$4.8M) for national e-ID cards, as part of a budget presented last…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events