An interesting comment towards the bottom of the article is the establishment of a system that would lower the number of databases that would house your biometrics. Maybe a digital medical record that also stores our biometrics and can only be accessed with our prior approval?
Well-written article. The best point mentioned: "we need some kind of unified platform where we limit the numbers of parties who actually hold such data, with others accessing those trusted holders on an 'as a service' basis." The notion of least privilege and access control never grows old.
I like the Guardian article better, but there still seem to be lots of questions to ask.
A million people (maybe only a million UK citizens?) but more than 28 million records?
And, as Forbes points out, this is biometric data: you can't exactly change your password. A fairly huge hit impacting the use of biometric data itself. With the number of individuals affected by this, you start to get to the point that you have to make alternative access control arrangements for a significant section of the population ...
And the irony that this was a company that provided security services to police, defence agencies, and banks? Who watches the watchers who are watching the watchers?
(OK, in this case it seems to be research and possibly not a real breach, but still ...)