https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Biometrics

Massive Biometric Data Breach Creates Chaos for MSSPs

  • Written by Pam Baker
  • August 14, 2019
More than 1 million fingerprints were leaked in the largest biometric data leak to date.

VPNMentor has reported a massive biometric data leak in BioStar 2.

The web-based biometric security smartlock app uses fingerprints and facial recognition to verify user identities and grant access to locked facilities and third-party security apps. It also used to manage user permissions and to record activity logs. VPNMentor’s team gained access to more than 1 million fingerprint records, plus a bounty of facial recognition information. The app is built by Suprema, a top 50 security manufacturer in the world, and the holder of the largest market share in EMEA for biometric access control.

“Combined with the personal details, usernames and passwords, the potential for criminal activity and fraud is massive,” wrote the researchers in their report.

The researchers discovered the leak on Aug. 5. They contacted the company to notify it of the data exposure, but found their efforts ignored or rebuffed. Eventually the company closed the breach on Aug. 13.

Specifically, the VPNMentor team reports it was able to access over 27.8 million records, a total of 23 gigabytes of data. The data was discovered on a publicly accessible database used by the likes of the U.K. Metropolitan police, defense contractors and banks. The exposed data included:

  • Access to client admin panels, dashboards, back end controls, and permissions
  • Fingerprint data
  • Facial recognition information and images of users
  • Unencrypted usernames, passwords, and user IDs
  • Records of entry and exit to secure areas
  • Employee records including start dates
  • Employee security levels and clearances
  • Personal details, including employees’ home addresses and emails
  • Businesses’ employee structures and hierarchies
  • Mobile device and OS information
Panorays' Matan Or-El

Panorays’ Matan Or-El

“There have been numerous reports about exposed buckets of data, but this recent incident involving compromised biometric data from Suprema is particularly alarming: Unlike usernames and passwords, biometric information such as fingerprints and facial recognition records cannot be changed. And because Suprema is connected to thousands of organizations across the world, this compromised data has the power to rattle the entire supply chain,” said Matan Or-El, co-founder and CEO of Panorays.

Chaos for MSSPs and Other Security Providers

Now MSSPs and other channel partners are left to figure out how to secure everything from physical plants to company apps with so much biometric data available to criminals. The steps that need to be immediately taken vary some with the verticals that security providers are serving.

For example, for supply chains, it means doubling down on securing third-party vendor access.

“Organizations need to ensure that their suppliers and business partners are on par with the organization’s own security standards and continuously uphold their suppliers to that standard. This should be part of their supplier management process, including vetting and continuously monitoring these suppliers to take action on any change in the security,” advised Or-El.

For MSSP customers that serve consumers, it means double- and triple-checking every transaction.

NuData's Robert Capps

NuData’s Robert Capps

“From a consumer perspective, high-resolution fingerprints are a dangerous data set, regardless of how the original data was intended to be used. The fact that we don’t know whether the stolen fingerprint data is full resolution or templatized, it is unclear whether the stolen biometric data will have any meaningful impact. We do know that other consumer information was made available by the vendor, and this information has the possibility of being used to access consumer accounts, including financial services accounts,” said Robert Capps, vice president and authentication strategist for NuData Security, a Mastercard company.

“It is advisable, therefore, that any company using Biostar 2 for physical access should make plans to …

  • Page 1
  • Page 2
Tags: MSPs Business of Security MSSP Insider Network Security

Most Recent


  • Trend Micro Partner Program Gets Big Redesign
    The program is built around the Trend Micro One platform.
  • CEO Steve Brazier at Canalys Channels Forum EMEA 2023
    Canalys Channels Forum EMEA 2023: Vendors Ask Channel for Help During Economic Slowdown
    Channel partners are thriving as IT vendors continue to move to "partner-first" to navigate a tough economy, says Canalys.
  • 2023 Kaseya DattoCon logo
    Kaseya Intros AI Bots, Credit for Unused Appliances, Passive Recurring Revenue
    Kaseya CEO Fred Voccola kicks off DattoCon with partner updates, new products and a litter of AI bots
  • IronNet shuts down
    Liquidity Issues Force IronNet to Shut Down, Terminate All Workers
    IronNet struggled to scale its business.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • White House
    White House to Private Sector SMEs: Get Serious About Cybersecurity
  • zero trust security
    Leveraging Partner Expertise to Build a Zero-Trust Strategy
  • Security Vulnerability
    Older Fortinet Vulnerabilities Lead to Attack on Local Government Office
  • Threats
    Cybersecurity and Threat Protection: MSSPs, Get Your Advice Here

Upcoming Events

View all

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Channel Futures Leadership Summit 2024

September 17, 2024 - September 19, 2024

Galleries

View all

Channel People on the Move: HP, 8×8, Five9, Nitel, RapidScale, More

October 3, 2023

7 Trends Impacting Ingram Micro Partners: Marriage of AI, Data Looms Large

October 2, 2023

Nutanix Partner Program Sees More Changes, Vendor Touts ‘Channel-Led’

October 2, 2023

Industry Perspectives

View all

Partners Balance Multicloud Opportunity, Complexity

September 25, 2023

Why Conversational AI Matters for Your Customers and How It Can Boost Your Revenue

September 15, 2023

The 5 Ds that Lead to Unplanned Business Sales

September 13, 2023

Webinars

View all

MSP 501: Leadership in Cybersecurity

October 19, 2023

DE&I: Find the Balance that Works for You

September 7, 2023

Above and Beyond with the NextGen 101ers

August 30, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 129: ZLH Enterprises

Coffee with Craig and James Episode 128: Channel Partner Strategies Intelligence Service

August 25, 2023

Coffee with Craig and James Episode 127: Expereo, Movie Night Returns

August 18, 2023

Coffee with Craig and James Episode 126: ARG

July 28, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X