BACKGROUND:
It has been reported that DNA Diagnostics Center (DDC), a US-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons. The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, but the firm discovered it only on October 29, 2021. The information that the hackers accessed includes the following:
- Full names
- Credit card number + CVV
- Debit card number + CVV
- Financial account number
- Platform account password
The compromised database contained older backups dating between 2004 and 2012, and it’s not linked to the active systems and databases used by DDC today. “The impacted database was associated with a national genetic testing organization that DDC has never used in its operations and has not been active since 2012.” reads the notice.
<p>You can change your phone number, your address, your credit cards, and your user names and passwords, but your DNA will always be your DNA. That makes news of a data breach at DDC especially alarming. While DDC maintains that genetic data was not accessed, the leak involves user names, credit card details, and passwords for 2.1 million people.</p>
<p>A holistic approach to application security can prevent incidents like this. For sensitive data like DNA, defenses should be applied in layers. This is only effective when security is part of the application design from the very beginning. During development, rigorous security testing helps to minimise vulnerabilities. When the application is deployed, continuous monitoring and quick response to incidents helps keep risk to a minimum.</p>