DNA is the key to a person’s most sacred hidden links.
Through a tiny sample of saliva you can unlock the door to one’s genetic traits, health risks, familial relationships and even ancestral roots. This most confidential information is now at risk of no longer being confidential after hackers stole genetic data from millions through popular DNA testing firm 23andMe.
About 1 in 5 adults in America have taken at-home genetic tests. Companies that offer these tests such as 23andMe, AncestryDNA, MyHeritage and others blew up in popularity in 2017 after successful advertising campaigns and end-of-the-year price cuts made them even more accessible to consumers. The popularity of at-home DNA tests has remained ever since.
Related: Data Breach Exposes 15 Million T-Mobile Customers' Personal Data
However, privacy concerns have recently come to light after 23andMe, one of the first companies to offer direct-to-consumer genetic testing, had a data breach earlier this month. Hackers performed a credential stuffing attack where cyber criminals use stolen usernames and passwords from a previous hack to gain access to accounts in the system.
Data from profiles — which included DNA ancestry and other personal information — was compromised in the 23andMe data breach. The information was put up for sale by hackers, raising concerns and questions as to why on earth would hackers be interested in obtaining information pulled from DNA samples.
Apparently DNA data is a hot commodity on the black market, and here are a few reasons why it can be valuable to malicious actors.
Blackmail: Personal information such as ancestry, health data and family relationships from users can be used as a tool for blackmail. For example, such private information can be used to expose hidden family secrets and malign one’s reputation.
Impersonation: Personal information such as addresses, phone numbers, names, birth dates, photos etc. can be used for impersonation and to craft scams. Biometric security systems that rely on fingerprints, facial recognition, palms and iris scans to keep data secure can be bypassed with stolen genetic data as well.
Biological weapon: Stolen DNA, if manipulated, can be used to create biological weapons since hackers can sell the data for gene editing, which is the process of making specific changes to DNA, to develop deadly bacteria and virus strains. These diseases and other genetically modified toxins can spread and infiltrate food production, water supply and other systems that rely on biotechnology.
In response to the recent breach of DNA data, 23andMe released a statement informing users that it has launched an investigation and is encouraging users to change their passwords.
"We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure," the statement read. "Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA). If we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information."
Get investment guidance from trusted portfolio managers without the management fees. Sign up for Action Alerts PLUS now.
