Outabox data breach exposes 1m biometric records