Cybersecurity of biometric data storage at sports facilities and the irreversibility of leaks

Introduction. This article examines the cybersecurity of biometric storage systems at sports venues with the aim of assessing the nature and consequences of leaks, establishing the degree of irreversibility of biometric template compromise, and proposing practical risk mitigation measures. Materials and methods. The study is based on a comparative analysis of storage architectures, a review of documented incidents (including massive leaks of verification platforms), a review of regulatory requirements, and data on attack vectors in multi-node infrastructures. The relevance of this work is dictated by the widespread adoption of "face-as-pass" systems and the integration of biometrics into payments and loyalty programs, which transforms the turnstile into a central hub for commercial and identification risk. It is shown that modern methods of reconstruction from hashed vectors and extensive cross-matching capabilities make compromises long-term and systemic. Results and discussion. The novelty lies in the synthesis of leak empirical data and technological analysis, with a proposal for an applied security architecture—a combination of revocable tokenization, hardware-based key storage, and verification in secure computing areas—and a product-based formulation of a set of organizational measures (microsegmentation, red-teaming, contractual discipline, and data minimization). Conclusion. The key conclusion is that biometric templates form a critical "point of failure," the damage from which is cumulative and virtually irreversible; technical countermeasures without robust organizational practices and ongoing risk management are insufficient. This article will be useful for arena operators, biometric solution providers, cybersecurity teams, regulators, and privacy researchers.

1. Haskins C. Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports [Электронный ресурс]. WIRED. 21.08.2024. URL: https://www.wired.com/story/facerecognition-stadiums-protest/ (дата обращения: 23.07.2025).

2. Kapustka P. Wicket’s facial authentication technology a ticket to success for Cleveland Browns [Электронный ресурс]. Stadium Tech Report. 28.02.2024. URL: https://stadiumtechreport.com/feature/wickets-facial-authentication-technology-a-ticket-to-success-forcleveland-browns/ (дата обращения: 24.07.2025).

3. Introducing NEC’s Digital ID For Stadiums And Sporting Arenas [Электронный ресурс]. NECAM. URL: https://www.necam.com/digitalid/stadium/ (дата обращения: 25.07.2025).

4. Taylor J. Major breach found in biometrics system used by banks, UK police and defence firms [Электронный ресурс]. The Guardian. 14.08.2019. URL: https://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-usedby-banks-uk-police-and-defence-firms (дата обращения: 26.07.2025).

5. Pearson J. A Face Recognition Firm That Scans Faces for Bars Got Hacked—and That’s Just the Start [Электронный ресурс]. WIRED. 02.05.2024. URL: https://www.wired.com/story/outabox-facialrecognition-breach/ (дата обращения: 27.07.2025).

6. ENISA. ENISA Threat Landscape 2023 [Электронный ресурс]. 2023. URL: https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Threat%20Landscape%202023.pdf (дата обращения: 28.07.2025).

7. Reuters. Amazon’s palm print recognition raises concern among U.S. senators [Электронный ресурс]. Reuters. 13.08.2021. URL: https://www.reuters.com/technology/amazons-palm-printrecognition-raises-concern-among-by-us-senators-2021-08-13/ (дата обращения: 29.07.2025).

8. Europol. Biometric vulnerabilities: Ensuring future law enforcement preparedness [Электронный ресурс]. 2025. URL: https://www.europol.europa.eu/cms/sites/default/files/documents/Biometricvulnerabilities.pdf (дата обращения: 30.07.2025).

9. Meyer C. No Spoofing: An Introduction to Presentation Attack Detection [Электронный ресурс]. Security Management (ASIS Online). 2024. URL: https://www.asisonline.org/securitymanagement-magazine/articles/2024/08/biometrics/presentation-attack-detection/ (дата обращения: 31.07.2025).

10. Valenzuela A., Tapia J. E., Chang V., Busch C. Presentation Attack Detection using iris periocular visual spectrum images. Frontiers in Imaging. 2024. Т. 3. DOI: 10.3389/fimag.2024.1478783

11. Qandeel M. Facial recognition technology: regulations, rights and the rule of law // Frontiers in Big Data. 2024. Т. 7. DOI: 10.3389/fdata.2024.1354659

12. Burt C. Alarming gains in face reconstruction from biometric templates made by researchers [Электронный ресурс]. Biometric Update. 16.05.2025. URL: https://www.biometricupdate.com/202505/alarming-gains-in-face-reconstruction-from-biometrictemplates-made-by-researchers (дата обращения: 01.08.2025).

13. More Than Facial Recognition [Электронный ресурс]. Carnegie Mellon University (CMU). 2011. URL: https://www.cmu.edu/homepage/society/2011/summer/facial-recognition.shtml (дата обращения: 02.08.2025).

14. Senette C., Siino M., Tesconi M. User Identity Linkage on Social Networks: A Review of Modern Techniques and Applications. IEEE Access. 2024. Т. 12. С. 171241–171268. DOI: 10.1109/access.2024.3500374

15. Kessem L. 2025 Cost of a Data Breach Report: Navigating the AI rush without sidelining security [Электронный ресурс]. IBM. 30.07.2025. URL: https://www.ibm.com/think/x-force/2025-cost-of-adata-breach-navigating-ai (дата обращения: 04.08.2025).

16. European Central Bank. Study on the payment attitudes of consumers in the euro area 2024 [Электронный ресурс]. 19.12.2024. URL: https://www.ecb.europa.eu/stats/ecb_surveys/space/html/ecb.space2024~19d46f0f17.en.html?utm_source=chatgpt.com (дата обращения: 05.08.2025).

17. Kapustka P. Survey says: Almost half of venues see biometric technology as a top initiative for 2025 [Электронный ресурс]. Stadium Tech Report. 20.11.2024. URL: https://stadiumtechreport.com/feature/survey-says-almost-half-of-venues-see-biometric-technology-as-atop-initiative-for-2025/ (дата обращения: 07.08.2025).

18. Regulation (EU) 2016/679 of the European Parliament and of the Council [Электронный ресурс]. Official Journal of the European Union. 2016. URL: https://eur-lex.europa.eu/legalcontent/EN/TXT/PDF/?uri=CELEX%3A32016R0679 (дата обращения: 08.08.2025).

19. European Commission. AI Act [Электронный ресурс]. 2025. URL: https://digitalstrategy.ec.europa.eu/en/policies/regulatory-framework-ai (дата обращения: 09.08.2025).

20. ISO. ISO/IEC 30107-3:2023 [Электронный ресурс]. 2023. URL: https://www.iso.org/standard/79520.html (дата обращения: 09.08.2025.