DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

It has been reported that DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons. The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, but the firm discovered it only on October 29, 2021. The information that the hackers accessed includes the following:

  • Full names
  • Credit card number + CVV
  • Debit card number + CVV
  • Financial account number
  • Platform account password

The compromised database contained older backups dating between 2004 and 2012, and it is not linked to the active systems and databases used by DDC today. “The impacted database was associated with a national genetic testing organization that DDC has never used in its operations and has not been active since 2012,” reads the notice.

Expert Comments

December 02, 2021
Ken Westin
Director, Security Strategy
Cybereason

When we hear about a breach of a DNA testing company, generally there is a reason to be concerned, as the immediate question is “have the hackers stolen DNA data from the actual customers? And if they have, what can they do with it?” In the case of the recent DNA Diagnostics Center breach, the actual DNA data was not compromised, and exposure of data was limited to name, Social Security Number and payment information. However, the cause for alarm is justified, as many of the popular DNA testing companies not only provide information about your family history, but also predisposition of medical conditions. If this information is compromised, many fear that the data could be used in targeted ransom type scenarios to expose people’s medical conditions, or leaked to the public and misused by insurance companies or other entities. Many of these DNA testing companies also anonymise the data and share with third parties, such as pharmaceutical companies and other research entities, which can increase the likelihood of this data being compromised. Unlike other types of data that are often compromised, such as credit cards, your DNA can’t be changed; once the data is compromised, there is no getting it back and no amount of credit monitoring will help.
