Earlier this month security researchers unveiled the biggest-ever government data breach, affecting 55 million voters in the Philippines. The huge data breach in the Philippines apparently contains millions of fingerprint records.
However, according to several officials, the leak “doesn’t include biometrics.” But one fingerprint expert has argued how useful the data breach would be to criminals.
Law enforcers arrested the alleged mastermind in the hacking and destruction of the Commission on Elections (Comelec) website. Paul Biteng, a 23-year-old graduate of information technology, was arrested by agents of the National Bureau of Investigation (NBI).
He was arrested taken from his house along G. Tuazon and Miguelin streets in Sampaloc, Manila at past 7 p.m.
Agents have also confiscated his personal computer. The computer will be given for a digital forensic examination.
This is to check his activity before, during and after the hacking, says Philstar Global.
The data has been extensively dispersed on both the dark and clear web.
ALSO READ: Australia Census 2016: No ‘Anonymous’ Data
The data breach gave out 228,605 e-mail addresses, 1.3 million passport numbers and expiry dates of overseas Filipino voters. It also contained 15.8 million fingerprint records.
“If you lose a password you can change it,” security expert Troy Hunt said. “You can’t change a fingerprint. Short of using a belt sander, it’s not going to be much fun.”
The main 338 GB database obtained by the hacker contains five important fields. They are PRINT_FLAG, FINGER_INFO, FINGER_TOPO_COORD, QUALITY, and MATCHING_FINGER.
The third field contains a range of codes that can establish relations to individual fingerprint records, says Wired.
But according to fingerprint expert Chris Johnson, the biometric data may be entirely useless without the availability of a computer system that can interpret it. “Very often the computer systems developed for countries are bespoke,” he said.
ALSO READ: 5.6 Million Fingerprints Stolen in US Data Hack
According to Rappler, Election Commissioner Rowena Guanzon said the poll body would conduct a study. It is to analyse whether its own people are somehow accountable for the giant data breach from the Comelec website.
“We have called the Director if IT to explain why this happened,” she said, “what do they intend to do to make our website more secure.”