Re: "Biometrics." It's a security "feature"
If I've read the article and breach notice correctly, the malware was on the kiosks - and was therefore operating at the point of collection.
In that case it depends on how much the sensor does in firmware, but that still exposes recorded users on any platform that uses the same sensors (read: accepts the same data format) and which can be accessed electronically. *Not* good indeed.