University of Dundee, MSc Human Clinical Embryology and Assisted Conception - Apply now for September 2018
Page URL: https://www.bionews.org.uk/page_136360

Data breach sparks DNA test privacy concerns

11 June 2018
Appeared in BioNews 953

Genealogy service MyHeritage has revealed that some of their user account data has been hacked. 

Concerns over the safety of DNA testing services were raised last week, when email addresses and hashed passwords of more than 92 million users were found by an independent security expert on a private server located outside of the company. This caused particular alarm as MyHeritage also offers consumer genetic tests, although there is no evidence to suggest that any sensitive genetic information was compromised.

'When you put DNA and privacy together in a sentence, understandably and correctly, it makes people nervous', Laura Hercher, director of research in Human Genetics at Sarah Lawrence College, New York, told Stat News.

The MyHeritage security team reported that DNA information is stored on a segregated system, behind additional layers of security, and that payment information is hosted via third-party billing services. As the passwords stored were hashed – a process which converts passwords to seemingly random characters – MyHeritage claims it is unlikely that hackers have been able to use the email addresses to log in to this or any other services. 

The hacked data only runs up to the end of October 2016, suggesting that this was the date of the breach. This further reduces the chances of any DNA data being compromised, as MyHeritage did not offer consumer DNA testing at that time. 

Once data has been compromised in a breach, it is often impossible to determine whether it has been shared to a wider audience. This contributes to the worries some experts have about DNA data, which could be used to discriminate against people and their relatives seeking medical insurance or other services. 

'You can imagine the consequences,' Professor Giovanni Vigna, a cybersecurity expert at the University of California Santa Barbara, told The Verge. 'One day, I might apply for a long-term loan and get rejected because deep in the corporate system, there is data that I am very likely to get Alzheimer's and die before I would repay the loan.'

However, Hercher pointed out that many of the possible problems of DNA data misuse are as yet theoretical: 'I would rather give someone my DNA than my social security number, my search history, or my credit card.'

Israel-based MyHeritage report that they will be upgrading to two-factor authentication soon, and suggests that users change their password in the meantime.

More than 9 million samples have been processed across three of the top direct-to-consumer genetic test companies: Ancestry, 23andMe and MyHeritage. Each company is reporting continued growth.

SOURCES & REFERENCES
Genealogy site MyHeritage says 92 million user accounts compromised
STAT |  5 June 2018
MyHeritage DNA testing service says breach affected 92M users' data
CNET |  5 June 2018
MyHeritage Statement About a Cybersecurity Incident
MyHeritage |  4 June 2018
RELATED ARTICLES FROM THE BIONEWS ARCHIVE
14 May 2018 - by Julianna Photopoulos 
Every day, about 10 new genetic tests come to market in the US, a study has found...
9 April 2018 - by Dr Axel Schumacher 
Reading Debbie Kennett's recent comment article on personal genetic testing (see BioNews 939), I found myself in complete agreement...
26 March 2018 - by Martha Henriques 
At-home genetic test results should be verified by medical professionals, researchers have warned, as a study reveals that 40 percent of the time DIY testing kits incorrectly identify genetic variants...
3 May 2016 - by Professor Joyce Harper, Debbie Kennett and Dr Dan Reisel 
With the rise of consumer genetic testing, it is now possible for people to accidentally discover that they were conceived using donor eggs or sperm and for donors who thought they were anonymous to be traced by their offspring...
14 July 2014 - by Rebecca Carr 
Canada's Office of the Privacy Commissioner has issued a statement urging the life and health insurance industry to refrain from asking applicants for access to existing genetic test results...
HAVE YOUR SAY
Log in to add a Comment.

By posting a comment you agree to abide by the BioNews terms and conditions


Syndicate this story - click here to enquire about using this story.