Biometric data breaches could kick off a global banking crisis, warns cybersecurity veteran

June 23, 2025
A successful, large-scale attack that exposes a bank’s customer biometric data could kick off the next financial crisis.

Michael Marcotte, the founder, chairman, and CEO of enterprise-grade digital authentication firm artius.iD, has warned that a successful biometric data breach at a leading bank could put us on the brink of the next global financial crisis.

The intervention follows recent comments by the CEO of HSBC UK, Ian Stuart, who last month told UK policymakers the bank is “being attacked all the time” by online criminals, leading to cybersecurity becoming the bank's biggest expense, amounting to hundreds of millions of pounds (The Guardian). This highlights the imminent danger banks are currently facing and the necessity for urgent action.

But Marcotte, who co-founded the US National Cybersecurity Center and chaired its Rapid Response Center, thinks the risk posed by banks’ biometric data is flying under the radar. Banks are currently storing this data in a centralized way, providing a single avenue through which hackers can expose vast volumes of highly sensitive data.

He argued that a large-scale breach of this data could lead to group litigation from customers on a scale large enough to destabilize a bank and the wider financial ecosystem—and urged banks to decentralize this data by pushing it onto customers’ devices.

Michael Marcotte, founder, chairman, and CEO of artius.iD, said, “Banks are spending hundreds of millions to bolster their cyber defenses—everything from zero trust architecture to AI-driven threat detection and even quantum-resistant cryptography. But sometimes it’s far better, and vastly cheaper, to remove the need for protection in the first place. 

“The reams of biometric data banks are storing right now on centralized systems are a big red bullseye for hackers. It offers a single vector through which one successful attack could deal catastrophic damage. This is the biggest cyber threat banks face today—and yet bank executives and their regulators are largely blind to it.

“The operational and reputational costs to a bank of a large-scale biometric data hack would be enormous—but this would be nothing compared to the cost of the group litigation they could be hit with by the customers whose fingerprints and facial and vocal data are breached. If this were to happen at a JPMorgan or an HSBC, it would bring them to their knees, and the fallout for our entire global banking system could be apocalyptic.

“And yet the solution is simple. All that’s needed to de-risk this data is to decentralize its storage—pushing it onto customers’ own devices where it belongs. The technology is available to do this—and we need to see the banking industry catch up and stop putting our biometric data and our financial security at risk.”