Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Website Security Breach Exposes 1 Million DNA Profiles

A genealogy website used to catch one of California’s most wanted serial killers remained shut down Thursday after a security breach exposed the DNA profiles of more than a million people to law enforcement agencies.

A genealogy website used to catch one of California’s most wanted serial killers remained shut down Thursday after a security breach exposed the DNA profiles of more than a million people to law enforcement agencies.

GEDmatch said in a message emailed to members and posted Wednesday on its Facebook page that on Sunday a “sophisticated attack” on their servers through an existing user account made the DNA profiles of its members available for police to search for about three hours.

“We became aware of the situation a short time later and immediately took the site down,” GEDmatch said.

GEDmatch briefly resumed but shut down again after it was the target of a second breach on Monday when all user permissions were set to opt-in to law enforcement matching, the company said.

“We can assure you that your DNA information was not compromised, as GEDmatch does not store raw DNA files on the site,” the company said. “When you upload your data, the information is encoded and the raw file deleted. This is one of the ways we protect our users’ most sensitive information.”

The company said it was informed Tuesday that customers of MyHeritage, an Israel-based genealogy website, that are also GEDmatch users were the target of a phishing scam.

The site remained down on Thursday with a message reading “The gedmatch site is down for maintenance. Currently no ETA for availability.”

GEDmatch made headlines in 2018 when it helped investigators in California identify Joseph James DeAngelo, also known as the Golden State Killer. DeAngelo is suspected of being the sadistic attacker who killed 13 people and raped nearly 50 women in California during the ’70s and ’80s.

Advertisement. Scroll to continue reading.

DeAngelo last month pled guilty to dozens of crimes in return for being spared the death penalty.

As of 2019, than 1.2 million people have used GEDmatch’s free service to upload data profiles from different DNA testing companies such as Ancestry and 23andme, and compare their autosomal DNA data files with others, KPIX-TV reported.

The service has become a huge help for genealogists and people seeking to build their family trees by allowing one-to-one, one-to-many X-DNA comparisons and other useful matrices.

Related: Beauty and the Breach: Estée Lauder Exposes 440 Million Records in Unprotected Database

Related: Millions of Digital Wallets Exposed by Key Ring

Related: Unprotected Medical Systems Expose Data on Millions of Patients

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.