Security flaw compromises bank with millions of genetic data

It was in the past weekend that a security breach ended up compromising the protection of millions of genetic profiles, integrated in the GEDmatch database.

For three hours, the data was exposed to all members, including the legal authorities who sometimes turn to the site to find similar genetics to evidence found at crime scenes.

The owners of the data present on the platform, which is used by genealogists, decide, a priori, whether they agree to share their information with the police.

However, this security breach ended up revealing all profiles, regardless of whether or not they consent to the sharing.

It is not clear, however, whether the problem was used by any authority to query data without authorization.

Verogen, a company that recently acquired GEDmatch, no data has been downloaded or seriously compromised.

But, contrary to this claim, MyHeritage warned, two days later, that a phishing scam was affecting its users who were also registered with GEDmatch.

According to MyHeritage, these people's emails may have been obtained as a result of the security problem that affected the platform owned by Verogen.

The company has taken the site offline and says it is working with a technology specialist in cybersecurity to conduct an analysis that should determine what was really affected and what is the best protection strategy for the future.

Despite Verogen's efforts, these may not be enough to regain users' trust.

The provision of genetic information is a sensitive topic and sharing it with the authorities is a subject that causes even more friction.

If GEDmatch is not able to maintain the security of the data they obtain, users will be even less willing to give it up.