SenseNets, a company which operates facial recognition systems in China has exposed crucial personal information of 2.5 million people after leaving a database unprotected. The revelation came from a cybersecurity researcher named Victor Givors, who followed the trodden of searching around for unsecured databases. To the researcher’s surprise, the particular database contained the ID card number, tracking location data of the last 24 hours, sex, nationality, address, passphoto, birthday, and even the employer of 2565724 people.
Felix Rosbach, Product Manager at comforte AG:
“Welcome to Orwells 1984, but with an even worse twist. When bad guys get access to your identity information, things can go terribly wrong.
And this is just the start. Sometimes personally identifiable information sits in silos and hackers only get access to a small amount of data which hold not that much of a value.
But with the use of unique identifiers, like national identity card numbers, it is possible to combine datasets of multiple breaches. This enables hackers to use complex identity profiles of customers.
The most important thing organizations can do to protect identity information is to pseudonymize it. This ensures that personal data is protected whenever a breach happens and is even more important for IDs like PANs, social security numbers or national identity cards numbers.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.