DNA database hacks: Online genealogy becomes fair game for security breaches

• Author:
• Author name

  Quantumrun Foresight
• November 25, 2021

The rise in DNA database hacks has exposed sensitive genetic information. These breaches have prompted an urgent need for enhanced cybersecurity measures, transparency about security processes, and stringent regulations for data protection. The situation also presents opportunities for job growth in cybersecurity, technological advancements in data protection, and the emergence of new markets like cybersecurity insurance.

DNA database hacks context

There have been a growing number of DNA database hacks in recent years as DNA testing tools have increased in popularity. For example, on July 19, 2020, hackers infiltrated GEDMatch’s servers and made the DNA data of one million users available to law enforcement against their consent. Unfortunately, GEDMatch wasn’t aware of this threat until three hours after the hack and had to pull their site offline for security purposes. 

GEDMatch is a popular tool used by regular consumers and law enforcement to solve cold cases like the Golden Slate Killer Case. In addition, users often upload genetic information compiled by other sites like MyHeritage to find lost relatives. Unfortunately, GEDMatch was not transparent about the process, claiming that the hackers didn’t download any data. MyHeritage, however, stated in a blog post that hackers accessed user emails to plan a future hack. 

DNA database hacks make users more vulnerable than other data breaches because they reveal sensitive information like potential health risks. There are three main methods hackers can use for DNA database hacks. These include Identical By Sequence (IBS) tiling, probing, and baiting. In order, these methods involve using a public collection of human DNA whereby hackers can (1) upload genomes until they find the match they’re looking for, (2) look for a specific gene variant (such as the one for breast cancer), or (3) trick the algorithm into revealing relatives of a particular genome. 

Disruptive impact 

As DNA data contains highly personal and sensitive information, its unauthorized access could lead to potential misuse, such as identity theft or even genetic discrimination. For instance, an individual's genetic predisposition to certain diseases could be exploited by insurance companies to increase premiums or deny coverage. Therefore, it is crucial for individuals to be aware of these risks and take necessary precautions when sharing their genetic data with any service.

For companies dealing with genetic data, the long-term implications of these hacks are multifaceted. They need to invest more in cybersecurity measures to protect their databases from potential breaches. This process not only involves implementing advanced security systems but also requires regular audits and updates to keep up with evolving cyber threats. Companies need to also work toward building trust with their consumers by being transparent about their security processes and educating consumers about the measures taken to safeguard their data. Additionally, companies need to consider implementing policies for responsible data handling and sharing.

From a governmental perspective, the rise in DNA database hacks requires the development of resilient regulations and policies. Governments need to establish stringent standards for genetic data protection and enforce penalties for non-compliance. Moreover, they should also promote research and development in cybersecurity solutions specifically tailored for genetic data. This effort not only creates a safer environment for genetic data handling but also opens up new job opportunities in the intersection of biotechnology, biostatistics, and cybersecurity.

Implications of DNA database hacks 

Wider implications of DNA database hacks may include: 

• A reduced customer base for genealogy sites due to a lack of consumer trust.
• A higher job availability to ramp up the cybersecurity departments for such services.
• More research opportunities for graduates to understand how DNA database hacking works, including the dangers and prevention methods.
• A rise in the demand for genetic counseling services, including safeguarding genetic privacy. 
• The creation of a new market for cybersecurity insurance, leading to economic growth and increased competition among insurance providers.
• A shift in population dynamics as individuals may choose to avoid genetic testing due to privacy concerns, leading to potential gaps in public health data and challenges in disease prevention efforts.
• The acceleration of technological advancements in encryption and data anonymization, leading to a surge in innovation and the creation of new tech startups.
• The need for more energy-efficient and secure data centers to store and protect the growing volume of genetic information.

Questions to consider

• Do you think government authorities should require more transparency from genealogy services online? 
• Do you think the average consumer is aware of the dangers of using such websites?