Millions of people will soon face sophisticated identity theft attacks.
In India, a large-scale data leak occurred, as a result of which the biometric data of millions of citizens became available. An unsecured database containing fingerprints and facial scans of police, military and civilian personnel was discovered during the general election, raising serious concerns about identity theft and election security.
According to a study by cybersecurity expert Jeremiah Fowler, an unsecured database containing more than 1.6 million documents (totaling 496.4 GB) was discovered by Website Planet. The leaked files contained photographs, fingerprints, signatures and identification tags of police, military, teachers and railway workers.
In addition to biometric data, the leak included important documents such as birth certificates, email addresses, job applications, diplomas and other confidential files.
284,535 documents related to physical fitness tests (PET) for police and law enforcement officers are particularly highlighted. These files contained images of employee signatures, PDF documents, and special mobile applications, some of which were packaged in ZIP archives.
In one of the folders called "Facial Software Installation", images and documents transmitted through the aforementioned applications were found. The leak also contained internal database names, usernames and passwords in clear text.
Most of the leaked data belonged to two Indian companies: ThoughtGreen Technologies and Timing Technologies. Both companies provide services for the development of applications, RFID technologies and biometric verification. However, it is still not clear which of these companies owned the compromised server.
According to experts, the leaked information can already be sold among intruders, which puts millions of people at risk of targeted cyber attacks.
Biometric data, such as fingerprints, are unique identifiers tied to a person's identity and are virtually unalterable. This data can be used for a variety of malicious purposes, including identity forgery and identity theft.
It is noteworthy that in 2022, India passed a law expanding the power of the police to collect biometric data from convicted, arrested or detained persons. But hardly anyone would have thought that this data would be leaked, and even affecting the biometrics of the police themselves and even the military.
This incident highlights the ethical and regulatory challenges associated with the collection, use and storage of biometric data, and is a clear demonstration for governments and private companies of what happens if even a small mistake is made when storing such data.
In India, a large-scale data leak occurred, as a result of which the biometric data of millions of citizens became available. An unsecured database containing fingerprints and facial scans of police, military and civilian personnel was discovered during the general election, raising serious concerns about identity theft and election security.
According to a study by cybersecurity expert Jeremiah Fowler, an unsecured database containing more than 1.6 million documents (totaling 496.4 GB) was discovered by Website Planet. The leaked files contained photographs, fingerprints, signatures and identification tags of police, military, teachers and railway workers.
In addition to biometric data, the leak included important documents such as birth certificates, email addresses, job applications, diplomas and other confidential files.
284,535 documents related to physical fitness tests (PET) for police and law enforcement officers are particularly highlighted. These files contained images of employee signatures, PDF documents, and special mobile applications, some of which were packaged in ZIP archives.
In one of the folders called "Facial Software Installation", images and documents transmitted through the aforementioned applications were found. The leak also contained internal database names, usernames and passwords in clear text.
Most of the leaked data belonged to two Indian companies: ThoughtGreen Technologies and Timing Technologies. Both companies provide services for the development of applications, RFID technologies and biometric verification. However, it is still not clear which of these companies owned the compromised server.
According to experts, the leaked information can already be sold among intruders, which puts millions of people at risk of targeted cyber attacks.
Biometric data, such as fingerprints, are unique identifiers tied to a person's identity and are virtually unalterable. This data can be used for a variety of malicious purposes, including identity forgery and identity theft.
It is noteworthy that in 2022, India passed a law expanding the power of the police to collect biometric data from convicted, arrested or detained persons. But hardly anyone would have thought that this data would be leaked, and even affecting the biometrics of the police themselves and even the military.
This incident highlights the ethical and regulatory challenges associated with the collection, use and storage of biometric data, and is a clear demonstration for governments and private companies of what happens if even a small mistake is made when storing such data.
