When the infamous bank robber, Willie Sutton, was asked why he robbed banks, he replied simply, “because that’s where the money is.” If fingerprints are Coronado’s illusive “gold standard” than Fort Knox was robbed in 2015. The Washington Post reported that “[o]ne of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management (OPM) just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks.” The implications on what can be done with hacked fingerprints are rather significant.
OPM is not the only fingerprint database subject to hacking. A recent major security flaw was exposed in Android phones allowing hackers access to fingerprint information on these devices. In 2013, “[t]he biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple’s TouchID using easy everyday means.” In 2002, “[a] Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera.”