GEDmatch Data Breach Exposes Users’ DNA Data to Law Enforcement Agencies – Expert Commentary

This afternoon, it was confirmed that GEDmatch, the DNA analysis site best known for catching the Golden State Killer, has experienced a data breach that caused user profiles to become available to law enforcement searches. Typically, the site allows users to opt-in for their DNA to be included in police searches, but this breach changed these settings on user accounts without their permission.

Experts Comments

July 23, 2020
Mark Bagley
VP of Product
AttackIQ
This breach is particularly alarming due to the highly sensitive nature of the data users entrusted to the platform. A person’s DNA profile is unique and unchangeable, and customers’ data was shared without their consent. Additionally, the attack sheds light on how hackers have become more creative with their motives, targeting organizations not only for monetary gain but also for powerful information. Even more alarming is that GEDmatch was breached twice over the course of two days,.....Read More
This breach is particularly alarming due to the highly sensitive nature of the data users entrusted to the platform. A person’s DNA profile is unique and unchangeable, and customers’ data was shared without their consent. Additionally, the attack sheds light on how hackers have become more creative with their motives, targeting organizations not only for monetary gain but also for powerful information. Even more alarming is that GEDmatch was breached twice over the course of two days, revealing a major lapse in their cybersecurity strategy. An active approach for quantifying the performance of defenses in the face of known adversary behavior is imperative. This should include continuous testing of security environments to address defensive gaps before they can be exploited by an adversary.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.