Data Breach

Multiple Genetic Testing Companies Data Breach

5.0M records exposed • February 2024

Hackers used stolen passwords to break into DNA testing accounts from multiple companies, stealing genetic information and health data from millions of people.

What Happened

A coordinated campaign targeted genetic testing companies through credential stuffing, aggregating genetic and health data on millions of users.

Attack method: Credential stuffing and data aggregation

What Data Was Exposed

Genetic data, Health information, Family trees, Ethnicity estimates

Is your business exposed?

What to Do If You're Affected

1.
Change passwords on genetic testing accounts
2.
Review and download your genetic data
3.
Consider the implications of genetic data exposure

Lessons for Businesses

• Genetic data is permanently sensitive
• DNA databases are attractive targets
• Strong authentication for sensitive accounts is essential

Sources

https://www.ftc.gov/business-guidance/blog/genetic-information

Related Breaches

23andme, 23andme 2023

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required