Jim Wilson reports:
The security research team at Safety Detectives has discovered a significant data leak in addition to other security flaws (such as lack of password protection) relating to fingerprint data on an Antheus log server in Brazil.
Our team, led by Anurag Sen, discovered almost 2.3 million data points in total and estimates that 76,000 unique fingerprints were found on the database.
[…]
In parallel to the biometric data breach, Antheus Tecnologia also has another related vulnerability which we noticed during our investigation. The company provides services to a national Civil Identification System in Brazil used to issue driving licenses although the access portal used for onboarding new users is not secure given the lack of password protection.
Read more on SafetyDetectives.