HTC stored images of users' fingerprints as world-readable files. This isn't even the problem. The real problem is: why were they storing images of fingerprints at all? If you are going to store them, you had damned well better one-way hash them and store the hashes instead. In fact, you should only be storing hashes of feature vectors, not of the prints themselves. You should only ever compare hash-to-hash, not fingerprint-to-fingerprint. You can do this using graph comparison algorithms instead of image comparisons.