"The world's most valuable resource is no longer oil, but data" - a quote I read some time ago that rings true whenever I learn about the latest cyber breach.
This piece combines two tropes of modern cyber security news stories: first, a third-party contractor or organisation to which services or work have been outsourced is compromised; and secondly, basic security hygiene steps weren't taken - meaning that when the data was exposed, administrator account passwords were visible in plain text, photos of users were accessible, and even security clearance details of staff were available.
In the case of biometric data (where the data itself is stored directly, as in this breach, rather than a hash of it), the unique nature of the information causes an additional problem: it can't be changed. Think of an account that is flagged as being part of breach data via a service like HaveIBeenPwned - once notified, a user can go and rotate their password immediately, perhaps before any damage is done. Fingerprints, retinal scans, or facial images can't be changed in the wake of the data leaking (no, Face/Off isn't real...).
Data breaches will happen as long as there is data with value to be had, but in the case of such precious information, I really hope we see across-the-board encryption and much more careful handling of unique data; otherwise I might need to practise my contouring!
Major breach found in biometrics system used by banks, UK police and defence firms