WASHINGTON (Reuters) - More than a million fingerprints and other sensitive data have been leaked to the Internet and a cyber security company has access to the data, researchers said on Monday.
The researchers, who work with VBN Mentor, said they had accessed the data through an electronic security program called Biostar 2.
The program is used by thousands of companies and institutions around the world, including the Metropolitan Police, to control access to certain parts of security facilities.
Suprema, which provides the program to companies around the world, said it was working to address the problem.
"If there is any particular threat to our products or services, we will take immediate action and issue the appropriate data, to protect the companies and valuable assets of our customers," a company spokesman said.
According to VNB Mentor, the data, which was discovered on Aug. 5, became confidential again on May 13. But it was unclear how long the data was exposed on the Internet.
In addition to fingerprint records, the researchers said they found images of people, facial recognition data, names, addresses, passwords, and biographies.
Among the British organizations directly affected by the breach is Thai Mountain, a home appliance retailer.
"It's really crazy," said Noam Rotem, one of the researchers who found the data, noting that biometric verification information, such as fingerprints, could not be made private again after a one-time exposure.
In total, 23 GB of data, containing nearly 30 million open records, were found online.
"This data can be used in a wide range of criminal activities, which will be disastrous for both the affected companies and institutions, as well as their employees or customers," VBN Mentor said in a blog.