What is a Biometric Database?
A centralized collection of biometric data (fingerprints, face scans, iris patterns) that, once breached, cannot be remediated because biometric data cannot be changed.
Biometric databases are the most dangerous type of personal data collection because the damage from a breach is permanent.
Why It's Different
- A stolen password can be changed
- A stolen credit card can be replaced
- Stolen fingerprints or face geometry CANNOT be changed
- One breach = lifetime of compromised identity
Notable Breaches
- US Office of Personnel Management (2015): 5.6 million fingerprint records stolen
- India Aadhaar: Multiple breaches of the world's largest biometric database
- BioStar 2 (2019): 27.8 million biometric records exposed
Scale
- India's Aadhaar: 1.3 billion biometric records
- US IDENT/HART: 300+ million fingerprint records
- China: Billions of facial recognition records from surveillance
Protection
- Avoid providing biometric data to services that don't absolutely require it
- Use on-device biometrics (Face ID, Touch ID) where data stays on your device
- Oppose mandatory biometric databases
- Support legislation requiring biometric data protection
- Prefer services that process biometrics locally rather than sending them to a server
Related Terms
Biometric Authentication
Using physical characteristics like fingerprints, face geometry, iris patterns, or voice to verify identity.
Biometrics
Authentication using unique physical or behavioral characteristics like fingerprints, facial features, iris patterns, or voice. While convenient, biometrics have a fundamental problem: you can't change them if compromised.
Facial Recognition
Technology that identifies or verifies individuals by analyzing facial features from photos or video footage, increasingly used for mass surveillance.