90,000 fans facial data leaked by just watching a game in a stadium

An unusual cybersecurity incident could compromise nearly 100,000 people. Last January, more than 90,000 fans showed up for a college football game, held at the Rose Bowl in Pasadena, California.

Through a facial recognition system, a technology company would have recorded the identifications of each of the fans, capturing data such as age, sex, criminal record, among others, all without the consent of the attendees of the event.

A report revealed by Fox News states that while attendees at the Oregon Ducks-Wisconsin Badgers encounter were searching for their respective seats, a system consisting of at least four sophisticated hidden cameras was carefully recording everyone. These cameras belong to the Philadelphia-based company VSBLTY.

Apparently, these cameras searched the faces of the fans, as well as searching for personal details: “This is a troubling and illegal act,” says one of the attendees at the event.

“I had no idea that they were using that kind of technology in the game, nor did they inform me that it would be analyzed by that technology,” California’s Benjamin Mercke told a researcher on OneZero news platform.

In this regard, the Philadelphia company explains that the cameras did not intend to cause fear or harm to the people who attended the event. A VSBLTY representative argues that this was only an experiment for audience analysis whose sole purpose was to obtain the information needed to improve the consumer experience of fans: “Data collection at this kind of event, in combination with machine learning techniques, can help improve the operational efficiency and logistics of places like this one” the representative mentioned.

The company also mentioned that the cameras were only used on the way to the stadium, specifically in the known area where the “fan fest” was held. Regardless of the purposes pursued by companies, it is extremely worrying that users are not notified about these activities, Mercke added.

This week, the cybersecurity community reported that Microsoft, which offers a similar recognition system to some law enforcement agencies, will soon stop providing such services, so police forces will have to resort to traditional investigative methods or create their own facial recognition tools: “We’ve focused on this for two years and finally we’ve decided that we won’t sell facial recognition technology to police departments in the United States, at least until we have a national law regulating its use with adherence to human rights.”

Other technology companies may implement similar measures in the future.