Skip to main content

Intelligence Briefs

Biometric data hacking: A warning for brands and consumers

Industry Contributor

Teresa Davis, Associate Professor, Marketing
University of Sydney Business School

14 October 2019 2min read

Biometric data is individually unique, this makes it perfect for cyber security, but also impossible to change, so once hacked, there is little recourse: individuals cannot change their biometric or DNA like they can passwords. Individual vigilance is key to staying safe in this biometric world. Implications for companies that store consumer biometric data are enormous (Madhumita Murgia, Financial Times).


Key points

  • Biometric data such as fingerprints, iris, voice, gait, facial recognition, expressions and physical DNA, are uniquely individual, and can identify an individual with amazing accuracy
  • Use of such data is increasing for commercial security use. Voice, facial, fingerprint recognition passwords are used by banking, computer, housing industries
  • While it makes for unique security markers, databases held by companies can be hacked, and since biometric data cannot be changed, once hacked, can result in identity theft of irreversible proportions
  • Individuals must be hyper vigilant about giving up any part of their individual biometrics. Companies storing consumers' biometrics need voice or facial hashing/ pixilation technology to prevent hackers hijacking and engaging in this particularly personal identity theft.

My Takeout

Murgia presents several cautionary tales about the danger of storing biometric data that are rather chilling.

For example, Ogilvy & Mather in Hong Kong in 2015 ran an anti-littering campaign, using DNA left on chewing gum, used tissues, cigarette butts. With people's permission they constructed computer generated likenesses of the 'litterers' from their physical DNA, placing them on billboards all over town.

Eye, hair and skin colour were completely accurate as were face shape, ethnicity, and gender.

In August 2019 Suprema, a UK Company that that provides a platform for biometric recognition to UK banks, government and the Metropolitan police found a leak of more than million fingerprint and facial recognition data on one of their public websites. Suprema is also used through Nedap by over 5,000 organisations in over 80 countries.

The scale of harm from potential breaches/hacks is enormous and could be irreparable to reputations and lives.

Other examples the Aadhar card in India (biometric data ID card of all Indian citizens) also linked to their banking ID, or the collection of biometric data from refugees to the Democratic Republic of Congo by the UNHCR which opens up the potential for surveillance and misuse of population level data by hackers or unauthorised groups. 

Amazon Echo and Google Home recognise voices and patterns of choices associated with that voice which can potentially be used by hackers as much as marketers.

The alleged Golden gate killer, Joseph James DeAngelo, was caught by matching DNA at the crime scene to  DNA of a relative submitted to a genetic open source database called GEDmatch (used for research). A good outcome, one could argue, but could be just as easily used by criminals with negative outcomes.

Finally, a seemingly strange example cited by Murgia is P&G and Alphabet's Verily, which has created diapers that collect sleep, urine pattern data from babies to alert parents through a phone app.

It is not fully clear how this data can help parents, but the data is linked to individual baby profiles containing name, gender, age and even profile pictures, so like Fitbit data, it could prove to be a hackers' dream. 

It is time for consumers and marketers to think very carefully about the usage, storing and unregulated security of such personal, intimate, and unique DNA related data. The responsibility is enormous, your fingerprints are not a temporary password that can be reset if hacked.

Let’s go. What do you think?

Industry Contributor

Teresa Davis, Associate Professor, Marketing
University of Sydney Business School

Teresa is an Associate Professor of Marketing at the University of Sydney Business School. Teresa's main research interests lie in two areas: the first is in children as consumers, of particular interest is the relationship between advertising and the digital marketing of food to children. The second area is culture and consumption. 

Teresa has published articles in Marketing Theory, European Journal of Marketing, Sociology, Journal of Marketing Management, Consumption Markets and Culture and others. Her teaching interests lie in Consumer Behaviour, and Social Marketing.

Teresa is Co-Convenor of the Australian Food, Culture and Society Network and a Partner Investigator of Leverhulme International Research Network Grant Project: Discursive Families project.

Market Voice

17 November 2019 4min read

How media - and marketers - can ignite ‘Smart Cities’ mega trend

Brands and companies talk a lot about purpose and community. Here’s a progressive, real-world blueprint that engages 8.8 million Australians, 14.5 million domestic flyers and half of our top 10 online shopping postcodes. Strangely, they’ve been largely invisible until now. Here’s why and what we can do.

Go deeper 4min read

Noel Cook

Chief Commercial & Operations Officer, oOh! Media

17 November 2019 4min read

Melbourne Cup Carnival: Multiplatform audience and coverage analysis; Sponsors on integration, experiential marketing strategies; 2021 outlook

Network 10 has just finished it first year in a five-year Melbourne Racing Carnival partnership, revealing its strategic plans for experiential and multiplatform integration with brand partners including Lexus, Myer, Harvey Norman, ZYRTECR, Tabcorp and Kennedy Luxury Group.

Go deeper 4min read

Network 10