Open in app

Sign in

Write

Sign in

Home

Following

Library

Stories

Stats

OneZero

OneZero is a former publication from Medium about the impact of technology on people and the future. Currently inactive and not taking submissions.

Follow publication

The Era of DNA Database Hacks Is Here

A major data breach shows genetic information is vulnerable to attack

Emily Mullin
OneZero
Published in
6 min readJul 30, 2020

--

A close up of a gloved hand holding up a DNA autoradiogram next to a petri dish to illustrate genetic research.
Photo: Tek Image/Science Photo Library/Getty Images

On the morning of July 19, hackers accessed the online DNA database GEDmatch and temporarily allowed police to search the profiles of more than 1 million users that were previously not accessible to law enforcement. GEDmatch is a genealogy tool that allows users to upload their DNA profiles generated from genetic testing services like 23andMe, Ancestry, and MyHeritage and search for relatives.

It took three hours until GEDmatch became aware of the breach and pulled the site offline completely. Users have to give permission for their profiles to be included in police searches, but the breach overrode privacy settings and made user profiles on the site visible to all other users, including law enforcement officials who use the site.

“Our banks are always being probed, our DNA will probably be probed, too.”

The breach is likely to erode users’ trust in the database, which has become a valuable law enforcement tool for solving cold cases, like the high-profile Golden State Killer case. It may also be a sign of what’s to come: more attempted hackings of DNA databases, which contain a wealth of extremely personal information, like family relationships, ancestry, and potential health risks.

“Our banks are always being probed, our DNA will probably be probed, too,” says Leah Larkin, PhD, a genealogist and genetic privacy advocate who runs The DNA Geek, a company that helps people locate relatives.

In a July 20 statement on its website, Verogen, the San Diego forensic genetics firm that acquired GEDmatch in December, said there is no evidence that any user data was compromised or downloaded during the breach. But on July 21, genetic testing company MyHeritage reported in a blog post that the hackers appeared to have retrieved user emails from GEDmatch to orchestrate another attack. MyHeritage said perpetrators set up a fake MyHeritage website and sent a phishing email to users to log in to the website, ostensibly so the hackers could steal passwords.

At least 16 people fell victim to the fake website. MyHeritage says it has attempted to contact the more…

--

--

OneZero
OneZero

Published in OneZero

283K Followers
Last published Apr 18, 2022

OneZero is a former publication from Medium about the impact of technology on people and the future. Currently inactive and not taking submissions.

Emily Mullin
Emily Mullin

Written by Emily Mullin

21K Followers
373 Following

Former staff writer at Medium, where I covered biotech, genetics, and Covid-19 for OneZero, Future Human, Elemental, and the Coronavirus Blog.

Responses (1)

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech