DNA Diagnostics Center (DDC), a popular DNA and paternity testing company, announced in a notice this week that it detected a data breach in August. The hackers gained access to an archived database containing personal information collected between 2004 and 2012. DDC says it acquired the database alongside a national genetic testing organization system in 2012. A data breach notification from the Maine attorney general’s office reveals that the breach affected over 2.1 million people.
DNA testing company reports data breach
After detecting the data breach, DDC claims to have taken action quickly. The company “proactively contained and secured the threat and executed a prompt and thorough investigation in consultation with third-party cybersecurity professionals.” DDC also worked with law enforcement. Following their investigation, they determined that the attackers potentially stole files and folders from the database between May 24th, 2021 and July 28th, 2021.
There is some good news, at least from DDC’s perspective. The company notes that it never actually used the archived system in its operations. Furthermore, the system hasn’t been active since 2012. So, just to clarify, the attackers did not steal information DDC is actively using. If you’ve recently received a relationship test directly from DDC, your data is still safe.
Should you be concerned?
At this point, you are probably wondering whether or not you should be concerned. Here is what DDC had to say about the people who might have had their data stolen:
If you know you have received a relationship test from DDC directly, this incident did not affect that test, as the information was acquired from an archived system that was never used by DDC. Individuals whose personal information was potentially accessed are being notified in accordance with state regulations, and out of an abundance of caution to protect against identity fraud, DDC is providing a complimentary membership of Experian credit monitoring to eligible individuals. If you received a relationship test as a part of court proceedings or independent, individual testing between 2004 and 2012 but have not received a mailed letter from DDC regarding this incident, please contact 1-855-604-1656 as you may be eligible for complimentary credit monitoring services through Experian.
This clearly could have been worse, but the fact remains that the breach impacted 2.1 million people. Attackers were able to steal full names, credit and debit card numbers, account numbers, passwords, and more. DDC is in the process of sending letters to affected individuals. If you think that you might be one of the 2.1 million victims, keep an eye out. You should get a letter soon.
How to protect yourself from fraud
DDC also offered a series of steps individuals can take to protect their personal information:
- Place a fraud alert on your credit file. Call any one of the three major credit bureaus (Equifax, Experian, TransUnion) and tell them to alert you before they open a new account.
- Place a security freeze on your credit file. A more extreme step that will stop credit bureaus from releasing your credit report with express authorization.
- Obtain a free credit report. Once every 12 months, you can request a free credit score from each of the three major bureaus. Once you receive your report, check it for discrepancies.
This data breach of a DNA testing firm goes to show just how determined hackers are to steal data anywhere they can find it. Always keep a close eye on your accounts for any signs of trouble. You never know when or where someone might find your email address and passwords.