British security company Amberstone Security, known for its expertise in security systems, recently fell victim to a data breach, exposing nearly 1.3 million documents to the public. Information security researcher Jeremeya Fowler brought this breach to light.
Among the leaked data were photos of the company’s security guards and suspects involved in various offenses, such as theft in retail stores. Additionally, the database included an extensive collection of photographs of security guards’ identification cards dating back to 2017. These cards, issued by the British Private Security Office (SIA), contained personal details like names, photographs, expiration dates, and sometimes even personal signatures of the guards.
Fowler warned that cybercriminals could exploit this stolen information to create fake identities and gain unauthorized access to the company’s protected premises. He highlighted SIA’s plans to introduce biometric technology into identification cards soon, although an exact timeline has not been set.
Aside from the guards’ photos, the database also stored images of suspects captured on video cameras or photographed by security personnel post-alleged crimes. These photos were accompanied by details about the suspects, including their names, dates of birth, and the charges they faced.
Some leaked documents contained intricate descriptions of how the crimes were carried out, revealing elaborate schemes employed by suspects to obtain cash from stores. Upon discovering the data breach, Amberstone Security promptly secured the database and launched an investigation in collaboration with the platform’s developer and service provider.
Responding to media inquiries, the company assured that it had taken swift action to prevent similar incidents in the future, asserting its commitment to fulfilling all regulatory obligations.