BIGtoken Team
Aug 19

A new security lapse in the BioStar 2 security platform has exposed 27.8 million records, including the fingerprint data of 1 million people. That information puts those affected at a high risk of identity theft. Read on for this week’s data privacy recap.

Flaw exposes biometric data of more than a million users

Another breach has been discovered by researchers Noam Rotem and Ran Locar alongside the vpnMentor team. The leaked information includes fingerprint data of more than 1 million people, facial recognition information, unencrypted usernames and passwords, and other personal information of users of Suprema’s BioStar 2 security platform. In total, the exposed information amounted to roughly 27.8 million records (23 gigabytes of data). So far, we only know that the information was publicly available, not that it has been stolen or used for nefarious purposes. Because the information included usernames and passwords, it could allow would-be hackers to create or modify user credentials, giving them access to any building secured using BioStar 2. BioStar 2 is a security system used to control facilities in the USA, Japan, UK, the UAE, and India. Employees working for BioStar’s parent company Suprema could also be vulnerable. Unfortunately, the leaked information is perfect fodder for identity fraud.

SEC investigating breach at First American Financial Corp

The Securities and Exchange Commission (SEC) announced an investigation this week into a breach of First American Financial Corp. If you’re not familiar, it’s a real estate title insurance company with a massive database of information. Through this breach, more than 885 million personal and financial records have been exposed. These records are tied to mortgage deals specifically, and they go as far back as 2003. This news broke in May of this year via the popular security blog KrebsOnSecurity, but the SEC is now investigating the repercussions. The data included bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and driver’s license images. The first person to notify the press was Ben Shoval, a Seattle real estate developer who received a letter from the SEC. “This investigation is a non-public, fact-finding inquiry,” the letter explained. “The investigation does not mean that we have concluded that anyone has violated the law.”


European Central Bank investigating breach

In yet another breach announcement, the European Central Bank (ECB) announced a security lapse this week. Unauthorized people may have stolen private information, including contact data. These hackers installed malware onto an external server that hosts the Banks’ Integrated Reporting Dictionary, or BIRD. Addresses, names and position titles of 481 newsletter subscribers may have been captured. Fortunately, passwords were not among the leaked information. While it investigates the matter, the ECB is contacting people whose data may have been stolen, and it has taken down its website. “The ECB takes data security extremely seriously,” the institution said. It has informed the European Data Protection Supervisor about the incident.


Newly-discovered Bluetooth vulnerability could expose devices

This next article doesn’t recap a data breach exactly; rather, it’s a warning about potential breaches to come. A group of researchers presented their paper at the USENIX Security Symposium this week, alerting the public to a Bluetooth security flaw. They named the vulnerability the KNOB attack, short for “Key Negotiation Of Bluetooth.” As we’ve written about before, Bluetooth technology can sometimes put users at risk. Instead of directly breaking the encryption, the newly discovered flaw allows hackers to force a pair of Bluetooth devices to use weaker encryption in the first place. When two devices connect using a Bluetooth link, a new encryption key is created. Hackers can intercept that process with a weak key, which then allows them to gain access. Fortunately, this hack is very complicated to execute, so it shouldn’t be a major concern for Bluetooth users. There are no known cases of users being preyed upon in this way yet, but it’s certainly a hole that needs to be filled.


What do you think was the most important data story of the week? Leave us a comment below.

Stay in-the-know with the top data news brought to you by BIGtoken at the start of every week.
