FB pixel

Data breach raises questions about Fractal ID’s decentralized identity architecture

Categories Biometric R&D  |  Biometrics News  |  Trade Notes
Data breach raises questions about Fractal ID’s decentralized identity architecture
 

A data breach at decentralized digital identity verification provider Fractal ID has exposed the ID documents and facial images of thousands of users and sparked online criticism of the company. A hacker gained unauthorized access to a platform operator’s account, and ran an API script for about 2 hours and 15 minutes last Sunday, according to the public breach notification.

Fractal ID has over 1 million users, according to its website, and the breach affected 0.5 percent, meaning 5 thousand of them. The company confirmed in an email to Biometric Update that about 6,3000 of 1.1 million users were affected.

The breached data includes users’ names, email addresses, digital wallet addresses, physical addresses, phone numbers, facial images and uploaded photos of documents like passports and driver’s licenses.

The company says it first contacted affected users and took immediate steps to mitigate the breach’s impact, and has now implemented additional security measures. The relevant data protection authorities and police have been contacted. Clients’ systems are unaffected, Fractal ID says.

The lack of centralized data repositories that function as honeypots drawing the attention of malicious actors is one of the main selling points for decentralized digital identity. Fractal ID refers to “selective data access and revocations at a user level” on its website, and is also a building partner of decentralized storage platform idOS, which raises questions about how the operator account was able to access so many records.

“Data breaches can result in the accessed data being shared with third parties or used for commercial purposes,” the company states. “We encourage affected users to be cautious of unsolicited communications requesting additional personal information.”

But skilled hackers in possession of the breached data likely have all the personal information they need to carry out fraud in the name of Fractal ID users.

This post was updated at 4:59pm Eastern on July 18, 2024 to correct the number of users affected.

Related Posts

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Emerging biometrics markets draw a crowd

Biometrics startups and giant multinationals collide as each tries to navigate emerging markets in the most-read stories of the week…

 

Laxton to supply hundreds of biometric kits to Honduras under $1.9M UNDP contract

The United Nations Development Programme has selected Laxton to provide hundreds of Biometric Citizen Registration (BCR) kits for Honduras. The…

 

Leadership change at IBIA follows layoffs at Thales

A major leadership change has been kicked off at Thales Digital Identity & Security and the International Biometrics and Identity…

 

Reusable ID for AML acquired by global fintech as compliance costs rise

Global fintech platform iCapital has entered a definitive agreement to acquire U.S.-based Parallel Markets, which provides reusable identity tools for…

 

Services Australia to run Trust Exchange pilot with largest Australian bank

A pilot with Commonwealth Bank will test the Australian government’s digital identity exchange scheme, Trust Exchange (TEx), using digital medical…

 

COPPA changes specify children’s biometrics and government IDs for protection

The Federal Trade Commission (FTC) Thursday issued notice that it finalized substantial changes to the Children’s Online Privacy Protection Act…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events