GEDmatch Data Breach Exposes Users’ DNA Data to Law Enforcement Agencies – Expert Commentary

This afternoon, it was confirmed that GEDmatch, the DNA analysis site best known for catching the Golden State Killer, has experienced a data breach that caused user profiles to become available to law enforcement searches. Typically, the site allows users to opt in for their DNA to be included in police searches, but this breach changed these settings on user accounts without their permission.

1 Expert Comment
Mark Bagley, VP of Product
InfoSec Expert
July 23, 2020 7:53 am

This breach is particularly alarming due to the highly sensitive nature of the data users entrusted to the platform. A person’s DNA profile is unique and unchangeable, and customers’ data was shared without their consent. Additionally, the attack sheds light on how hackers have become more creative with their motives, targeting organizations not only for monetary gain but also for powerful information.

Even more alarming is that GEDmatch was breached twice over the course of two days, revealing a major lapse in their cybersecurity strategy. An active approach for quantifying the performance of defenses in the face of known adversary behavior is imperative. This should include continuous testing of security environments to address defensive gaps before they can be exploited by an adversary.

Information Security Buzz