'Bionanotechnology from Theory to Practice' is a short online, course providing an interdisciplinary and up-to-date overview of the rapidly developing area of bionanotechnology
Page URL: https://www.bionews.org.uk/page_136360

Data breach sparks DNA test privacy concerns

11 June 2018
Appeared in BioNews 953

Genealogy service MyHeritage has revealed that some of their user account data has been hacked. 

Concerns over the safety of DNA testing services were raised last week, when email addresses and hashed passwords of more than 92 million users were found by an independent security expert on a private server located outside of the company. This caused particular alarm as MyHeritage also offers consumer genetic tests, although there is no evidence to suggest that any sensitive genetic information was compromised.

'When you put DNA and privacy together in a sentence, understandably and correctly, it makes people nervous', Laura Hercher, director of research in Human Genetics at Sarah Lawrence College, New York, told Stat News.

The MyHeritage security team reported that DNA information is stored on a segregated system, behind additional layers of security, and that payment information is hosted via third-party billing services. As the passwords stored were hashed – a process which converts passwords to seemingly random characters – MyHeritage claims it is unlikely that hackers have been able to use the email addresses to log in to this or any other services. 

The hacked data only runs up to the end of October 2016, suggesting that this was the date of the breach. This further reduces the chances of any DNA data being compromised, as MyHeritage did not offer consumer DNA testing at that time. 

Once data has been compromised in a breach, it is often impossible to determine whether it has been shared to a wider audience. This contributes to the worries some experts have about DNA data, which could be used to discriminate against people and their relatives seeking medical insurance or other services. 

'You can imagine the consequences,' Professor Giovanni Vigna, a cybersecurity expert at the University of California Santa Barbara, told The Verge. 'One day, I might apply for a long-term loan and get rejected because deep in the corporate system, there is data that I am very likely to get Alzheimer's and die before I would repay the loan.'

However, Hercher pointed out that many of the possible problems of DNA data misuse are as yet theoretical: 'I would rather give someone my DNA than my social security number, my search history, or my credit card.'

Israel-based MyHeritage report that they will be upgrading to two-factor authentication soon, and suggests that users change their password in the meantime.

More than 9 million samples have been processed across three of the top direct-to-consumer genetic test companies: Ancestry, 23andMe and MyHeritage. Each company is reporting continued growth.

Genealogy site MyHeritage says 92 million user accounts compromised
STAT |  5 June 2018
MyHeritage DNA testing service says breach affected 92M users' data
CNET |  5 June 2018
MyHeritage Statement About a Cybersecurity Incident
MyHeritage |  4 June 2018
30 November 2020 - by Michaela Chen 
One of the largest networks of fertility clinics in the United States has confirmed that it was targeted by a ransomware attack, resulting in a security breach of patient information...
4 February 2019 - by Martha Henriques 
A woman in Portland, Oregon, has been issued a warning from the sperm bank she used to conceive her child, after finding her donor's family via a 23andMe DNA test...
29 October 2018 - by Martha Henriques 
A pattern of epigenetic alteration of genes involved in Alzheimer's disease has been discovered...
30 July 2018 - by Dr Alexander Ware 
The pharmaceutical firm GlaxoSmithKline is investing US$300 million in 23andMe as part of a four-year collaboration that will give it access to the DNA testing firm's genetic data resources...
14 May 2018 - by Julianna Photopoulos 
Every day, about 10 new genetic tests come to market in the US, a study has found...
9 April 2018 - by Dr Axel Schumacher 
Reading Debbie Kennett's recent comment article on personal genetic testing (see BioNews 939), I found myself in complete agreement...
26 March 2018 - by Martha Henriques 
At-home genetic test results should be verified by medical professionals, researchers have warned, as a study reveals that 40 percent of the time DIY testing kits incorrectly identify genetic variants...
3 May 2016 - by Professor Joyce Harper, Debbie Kennett and Dr Dan Reisel 
With the rise of consumer genetic testing, it is now possible for people to accidentally discover that they were conceived using donor eggs or sperm and for donors who thought they were anonymous to be traced by their offspring...
14 July 2014 - by Rebecca Carr 
Canada's Office of the Privacy Commissioner has issued a statement urging the life and health insurance industry to refrain from asking applicants for access to existing genetic test results...
to add a Comment.

By posting a comment you agree to abide by the BioNews terms and conditions

Syndicate this story - click here to enquire about using this story.