DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

By ISBuzz Team
Writer, Information Security Buzz | Dec 02, 2021 04:53 am PST

It has been reported that DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons. The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, but the firm discovered it only on October 29, 2021. The information that the hackers accessed includes the following:

  • Full names
  • Credit card number + CVV
  • Debit card number + CVV
  • Financial account number
  • Platform account password

The compromised database contained older backups dating between 2004 and 2012, and it is not linked to the active systems and databases used by DDC today. “The impacted database was associated with a national genetic testing organization that DDC has never used in its operations and has not been active since 2012,” reads the notice.

Ken Westin, Director, Security Strategy
December 2, 2021 12:54 pm

When we hear about a breach of a DNA testing company, generally there is a reason to be concerned, as the immediate question is “have the hackers stolen DNA data from the actual customers?” And if they have, what can they do with it? In the case of the recent DNA Diagnostics Center breach, the actual DNA data was not compromised, and exposure of data was limited to name, Social Security Number and payment information. However, the cause for alarm is justified, as many of the popular DNA testing companies not only provide information about your family history, but also predisposition of medical conditions. If this information is compromised, many fear that the data could be used in targeted ransom type scenarios to expose people’s medical conditions, or leaked to the public and misused by insurance companies or other entities. Many of these DNA testing companies also anonymise the data and share with third parties, such as pharmaceutical companies and other research entities, which can increase the likelihood of this data being compromised. Unlike other types of data that are often compromised, such as credit cards, your DNA can’t be changed; once the data is compromised there is no getting it back and no amount of credit monitoring will help.
