At-Home DNA Tests and Growing Privacy Concerns
Direct to consumer genetic testing companies, such as 23andMe, AncestryDNA, MyHeritage DNA, and Living DNA, have convinced millions of people to place their genetic material, typically a saliva sample, in an envelope and send it for analysis. In 2017, the genetic testing market was worth approximately $99 million in 2017, and it’s estimated that it will be worth $310 by 2022.However, not everyone is as thrilled about the growing popularity of direct to consumer genetic testing as the companies that profit from it. “The key thing about your genetic data…it is uniquely yours. It identifies you, so if you are going to entrust it to a company, you should try to understand what the consequences are,” said Jennifer King, director of consumer privacy at Stanford Law School’s Center for Internet and Society.
While genetic testing companies have plenty good reasons to protect the genetic data of their customers—their business depends on consumer trust, after all—cybercriminals are experts at finding ways how to circumvent even the most state-of-the-art cyber defenses.
This was demonstrated by an unknown hacker on October 26, 2017, which was the date when MyHeritage, an online genealogy service that was first developed and popularized by the Israeli company MyHeritage in 2003, was breached, leaking email addresses and hashed passwords of more than 92 million users who signed up for the services until the date of the breach.
The company didn’t disclose the breach until June 4, 2018, and it did so only after a security researcher reported finding a file that contained email addresses and hashed passwords on a private server. “Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords,” said MyHeritage in its statement.
“We determined that the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017 which is the date of the breach. MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer. This means that anyone gaining access to the hashed passwords does not have the actual passwords.”
The breach of MyHeritage has served as a powerful reminder of the fact that consumers are not focusing on privacy nearly as much as they should be. The next data breach could be far more serious, and there are many ways how genetic data could be exploited. For instance, insurance companies could use it to deny health insurance coverage for consumers with genetic predispositions to certain medical conditions.
To prevent this from happening, genetic testing companies must ensure that a data breach similar to the one that affected MyHeritage won’t happen again, and consumers must educate themselves on the privacy implications of sharing their genetic data with genetic testing companies and their partners.
Comments
Tags: 23andme, bigdata, dna, privacy
Trackback from your site.