Biostar 2 Data Breach Lawsuit Investigation

27.8 Million Accounts Reportedly Affected

On August 5, 2019, cyber security researchers reportedly discovered a data breach in Biostar 2, a security platform that uses biometric data. The researchers said that millions of Biostar 2 users are affected, and the data includes fingerprints, facial recognition, unencrypted usernames and passwords, and other personal information that may include activity logs.

Many companies use Biostar 2 for building access or for privileged access to business applications, according to the cyber security researchers.



Data Breach: 27.8 Million Biostar Records, Including Biometrics

The cyber security researchers who discovered the data breach say that they were able to access over a million fingerprint records, as well as facial recognition records. In total, the researchers say they were able to access 27.8 million records, which included information on when employees entered and left work, as well as personal information such as their address and phone number.

They say they disclosed the breach to Suprema, the maker of Biostar 2, but the company initially ignored them. The researchers tried to reach company officials and even reported the breach to the GDPR compliance office for Biostar 2. The researchers were eventually able to reach someone in Biostar’s French offices, and the company was then able to secure the compromised data, according to vpnMentor.

The biometric data was publicly exposed for at least a week after the cyber security researchers discovered it, but was likely available for much longer, according to vpnMentor.

Biostar 2 Data Breach Victims May Be At Great Risk

The cyber security researchers point out that biometric data is forever. Your fingerprints and face follow you around for life.

The cyber security researchers who discovered the breach said:

Facial recognition and fingerprint information cannot be changed. Once they are stolen, it can’t be undone. The unsecured manner in which BioStar 2 stores this information is worrying, considering its importance, and the fact that BioStar 2 is built by a security company.

Instead of saving a hash of the fingerprint (that can’t be reverse-engineered) they are saving people’s actual fingerprints that can be copied for malicious purposes.

Putting all the data found in the leak together, criminals of all kinds could use this information for varied illegal and dangerous activities.

Because biometric data usually does not change, individuals who have biometric data compromised may face a lifetime of risk of their biometrics being used for criminal activity.


According to the cyber security researchers, employees with the following companies had records exposed:

  • Union Member House
  • Lits Link
  • Phoenix Medical

Our Data Breach Lawsuit Attorneys

Eric Gibbs

A founding partner at the firm, Eric has negotiated groundbreaking settlements that favorably shaped laws and resulted in business practice reforms.


David Berger

David represents consumers in data breach, privacy, and financial services litigation. He has prosecuted some of the largest privacy cases nationwide.


Amanda Karl

Amanda represents employees, consumers, and sexual assault survivors in complex class actions. She also leads the firm’s Voting Rights Task Force.


Aaron Blumenthal

Aaron represents consumers, employees, and whistleblowers in class actions and other complex litigation.


Our Data Breach Lawsuit Experience

Our firm has represented plaintiffs in complex lawsuits involving some of the nation’s largest data breaches, including litigation against Anthem, Adobe, Home Depot, Excellus Blue Cross and Blue Shield, and Banner Health, among others. In the past, we have successfully represented consumers with data breach and privacy claims involving HealthNet and Certegy Check Services.

Eric Gibbs has established himself as a leader in emerging litigation involving data breach and privacy. He was court-appointed to the four-member leadership team in the Anthem Data Breach Litigation, which recently settled for $115 million, the largest data breach settlement in history (settlement pending final Court approval). Eric secured a landmark ruling in the Adobe Systems, Inc. Privacy Litigation, which makes it easier for plaintiffs to seek relief following a breach. He was recently selected from among a pool of attorneys from across the country to serve as co-lead counsel in the Vizio, Inc., Consumer Privacy Litigation.

Eric co-founded the American Association for Justice’s Data Breach and Privacy Litigation Group, and has served as chair and organizer of several consumer privacy conferences on best practices and developments in consumer privacy litigation.
