Hackers could one day steal your DNA to resell on the black market, and they may not have a hard time doing it. DNA Diagnostics Center (DDC), a genetic testing firm based in Ohio, now confirms that it suffered a data breach that affected over two million people. And what’s worse, it took the company six months to notice and disclose this breach.
The good news is that hackers only stole backup data from the DDC. This data dates from 2004 to 2012 and contains no genetic information. But hackers did obtain the full names, credit card numbers (and CVVs), financial account numbers, and account passwords for some individuals. While much of this info is now outdated, hackers could still use it to steal your identity.
Additionally, the DDC says that this backup data came from an unnamed “national genetic testing organization.” The company is now mailing letters and giving out free Experian identity theft services to affected individuals, most of whom are not DDC customers or Ohio residents.
If it seems like the DDC lucked out here, that’s because it totally did. This data breach is probably not an immediate threat to those who are affected, and hackers didn’t gain access to any genetic information.
But genetic testing firms should never fall victim to hackers, and the DDC’s slow response to this breach is alarming. The company says it was hacked between May 24th and July 28th, but it only noticed the problem on August 6th and concluded its investigation on October 29th. Why did it take the DDC three months to finish its investigation into this breach? And why are we only hearing about it now, a month after the company’s investigation finished?
We’re now stuck wondering if our genetic data is properly secured by DNA testing firms. Admittedly, hackers don’t have a lot of use for this data today, but it could soon become a valuable asset on the black market. You could use genetic data to blackmail someone, for example, or commit insurance fraud.
And as many cybersecurity experts warn, stolen genetic data could find its way to insurance companies (especially if it’s shared on a public forum). If insurance companies build a large database of genetic information, they will have a much easier time turning away customers with pre-existing conditions or genetic dispositions for illnesses like Alzheimer’s.
So, what can you do about the DDC data breach? While the company’s statement is a bit vague, it suggests that you call 1-(855)-604-1656 if you received a relationship test (for personal or legal reasons) between 2004 and 2012.
Source: DDC via Bleeping Computer