Biometric data physically describes you and is thus the most personal of Personally Identifiable Information (PII).
Tokenizing biometric data such as fingerprint templates, iris recognition templates, and facial recognition data removes this critical PII data from your servers and ensures data separation between your systems and your customer's most private information.
One of the first significant fingerprint template thefts (5.6 million) was announced in 2015 at the US Office of Personnel Management (OPM). There is some debate as to how useful stolen fingerprint templates are (see Scientific American, What Could Criminals Do with 5.6 Million Fingerprint Files?)
In August 2019, the Suprema BioStar 2 service was breached, exposing biometric data for over 5,700 organizations in 83 countries.
Tokenizing biometric data is about more than just hiding it. It's about data separation; storing different pieces of personally identifiable information in different locations and ensuring that the chunks of data stored off-site in the tokenization service are too small to be used for personal identification.
Auric Systems International has increased the amount of data you can store in a single token to 11,000 bytes. This size is sufficient for storing a wide range of biometric data, including fingerprint templates, iris recognition templates, facial recognition data, and even small original facial images.