DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People
DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons.
The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, and the firm concluded its internal investigation on October 29, 2021.
The information that the hackers accessed includes the following:
- Full names
- Credit card number + CVV
- Debit card number + CVV
- Financial account number
- Platform account password
The compromised database contained older backups dating between 2004 and 2012, and it’s not linked to the active systems and databases used by DDC today.
“The impacted database was associated with a national genetic testing organization that DDC has never used in its operations and has not been active since 2012.” reads the notice.
“DDC acquired certain assets from this national genetic testing organization in 2012 that included certain personal information, and therefore, impacts from this incident are not associated with DDC.”
DDC is working with external cyber-security experts to regain possession of the stolen files and ensure that the threat actor won’t propagate them further. So far, there have been no reports of fraud or improper use of the stolen details.
The affected individuals will receive a notification letter and instructions on enrolling for one year of free credit monitoring and identity theft protection services through Experian.
The recipients of these notices are advised to remain vigilant against frauds and monitor their bank account statements frequently to identify and report suspicious activity immediately.
DDC underlines that no genetic testing data has been exposed due to the data breach incident, as this is stored in a different system.
The company offers paternity, DNA relationship, fertility, COVID-19, ancestry, and testing for immigration purposes, so they are holding very sensitive data.
According to the notice though, nothing relevant to these services has been compromised.
We have reached out to DCC to request more details about the nature and impact of the hacking incident, and we will update this piece as soon as we have a response.