(Bloomberg) -- The Adecco Group told Belgium’s privacy regulator that the breach of a security platform run by South Korea’s Suprema ID Inc. compromised the biometric data of some 2,000 employees of its Belgian unit.
The breach of Suprema’s BioStar 2 system affected data including fingerprints and facial recognition details of Adecco employees, the country’s data protection authority said in a statement Wednesday.
The regulator said it’s in touch with Adecco to check the “seriousness of this breach.” A spokeswoman for Suprema declined to comment.
An Adecco spokeswoman confirmed that staff data was compromised and that it is "investigating this supplier data breach.”
Suprema had tried to soothe concerns on Tuesday, saying in a statement that fewer users were at risk of having been affected than initially thought.
"We launched an internal investigation and immediately closed the access point," Suprema said. "In addition, we have also engaged a leading global forensics firm to conduct an in-depth investigation into the incident"
Once lost, data such as digital fingerprints are nearly impossible to retrieve. Cybercriminals, state-sponsored actors and terrorist organizations might be particularly interested in getting their hands on this sort of information, according to security experts.
“This concerns the loss of control of extremely sensitive data of no fewer than 2,000 people,” David Stevens, president of the Belgian watchdog, said in the statement. He said it’s their duty “to shed light on this.”
Under General Data Protection Regulation, European-based companies are required to report a breach if there is a "high risk" of impacting personal data.
(Added additional context.)
To contact the reporters on this story: Stephanie Bodoni in Brussels at email@example.com;Ali Ingersoll in London at firstname.lastname@example.org
To contact the editors responsible for this story: Anthony Aarons at email@example.com, ;Giles Turner at firstname.lastname@example.org, Stefan Nicola
©2019 Bloomberg L.P.