A DNA Database Containing Data From 23andMe and Ancestry Is Vulnerable to Attacks
People uploaded their DNA to GEDmatch to find relatives, but now their personal data could be accessed by hackers
By one estimate, more than 26 million people have mailed their saliva in a plastic tube to get their DNA analyzed by genetic testing companies like 23andMe, AncestryDNA, MyHeritage, and Family Tree DNA. And more than a million of them have also uploaded their genetic information to a popular third-party website called GEDmatch to see what DNA they have in common with others in the database.
Now, computer scientists at the University of Washington have revealed that using GEDmatch comes with serious security risks. In a paper posted this week, researchers demonstrated that it’s possible to extract genetic details of any individual in the database, leaving their data vulnerable to leaks or hacks. As more people take DNA tests and third-party genetic genealogy databases grow, the risk of new kinds of biological and cyber attacks also increases. In the wrong hands, a person’s genetic data can be used for discrimination or extortion, and the implications are even greater if entire databases are leaked.