News
Biometrics · Cybersecurity · Data Privacy · Identity Theft
Increasing collection of biometric data by technology companies like Apple, Google, and Amazon, alongside services such as My Ancestry and 23 & Me, exposes consumers to severe, permanent identity theft risks, exemplified by the 2015 theft of 5.6 million fingerprints from the US Office of Management and Budget and the 2018 breach of 92 million MyHeritage accounts.
Biometric data, including fingerprints, voice, retinas, DNA, and facial characteristics, is uniquely sensitive and cannot be altered once compromised, unlike traditional passwords. This data is extensively gathered by IoT devices, virtual assistants, DNA kits, and city surveillance cameras, often with insufficient security considerations.
Systems are vulnerable to spoofing, as demonstrated by hackers defeating arm vein authentication using replicated hands. Consequently, biometrics alone are inadequate for authentication and require pairing with multi-factor solutions.
The proposed Commercial Facial Recognition Act of 2019 in the United States Congress aims to mandate consent for biometric data collection, while companies like BeyondTrust offer IT security solutions to obfuscate user identity. The ongoing biometric data revolution necessitates heightened awareness and control over personal data.
