COMELEC officials in the Philippines claims a massive data breach in its millions of fingerprints records but said biometrics are not included. But one fingerprint specialist predicts the leaked data could be useful to criminals.
A while ago security researchers uncovered the largest ever data breach, it affects the 55 Million voters in the philippines. The number of data that is distributed on dark and clear web, compromise 228,605 email addresses; 1.3 million passport numbers and expiry dates of overseas Filipino voters; and 15.8 million fingerprint records.
“If you lose a password you can change it,” “You can’t change a fingerprint. Short of using a belt sander, it’s not going to be much fun.” , security expert Troy Hunt told WIRED.
There is a five fields of main 338 GB hack by hackers that relate to fingerprint data: PRINT_FLAG, FINGER_INFO, FINGER_TOPO_COORD, QUALITY, MATCHING_FINGER. Also the third one contains the series of codes that correlate also to individual fingerprint records.
Experts said that there is a risk’s in people’s fingerprints being replicated or it can be use for identity fraud if the criminal have an access to these codes and not the images the relates on it.
The Attack happens last March 27 with the group named Anonymous Phillipines they hacked the website of Philippines Commission on Elections (Comelec). Until now they dont know how the attack happens and what security flaws exploited. After that incident there is a second hacker group named Lulz Sec Pilipinas, they post the image of Comelec databased online and widely spread.
Comelec Officials said there is still say that the data has not been authenticated , but they admitted it being copied was a case scenario. The attack,officials said that the election result cannot be compromised.Officials is now doing procedures to determine the hackers that breach the data.