In today’s rapidly evolving technological landscape, the widespread availability of genetic testing and the increasing collection of biometric data have opened new frontiers in healthcare, forensics, ancestry, and personal identification. While these advancements promise to revolutionize our understanding of genetics and enhance security measures, they also bring a troubling and multifaceted concern – the risk of identity theft and fraud.
As individuals share their most personal genetic and biometric information for various purposes, the potential for unauthorized access and misuse of this sensitive data looms large. A recent data breach raises pressing questions about the balance between technological advancement and personal privacy directly related to genetic testing and biometric data. Despite the best intentions of companies that gather this data to harness it for noble intentions, the unsettling reality is that it can easily expose individuals to the perils of identity theft.
23andMe, a genomics company that collects genetic material from thousands of people for ancestry and genetic predisposition tests, experienced a data breach on October 6, 2023. The company’s servers were not hacked, but hackers targeted hundreds of individual user accounts, allegedly those with weak or repeated passwords. After gaining access to the accounts, hackers could leverage the “DNA relatives matches” function of 23andMe to get information about thousands of people who didn’t use the service. The breach exposed information about user’s DNA Relatives’ profiles expanding its scope beyond just a single compromised individual. This incident is a stark example of how we all think about privacy, data security, and corporate accountability within the information economy.
The risk of identity theft associated with the 23andMe data breach is significant. The leaked data includes genetic ancestry results, geographical location, full names, usernames, profile photos, sex, and date of birth. This information can be used to steal identities, commit financial fraud, and even blackmail the individuals involved. The victims may also face an increased risk of harassment and direct fraud, as the leaked data includes names, addresses, and locations. Unscrupulous bad actors could even use the data to target people with a propensity for certain health conditions and diseases, such as type 2 diabetes, Parkinson’s, or dementia. The potential harm from this ranges from increased insurance premiums to employment discrimination. And the situation is a glaring highlight of the risks associated with DNA databases.
If you are a current 23andMe user, the following steps are recommended to enhance security.
- Choose unique passwords that don’t contain personal or identifying information.
- Enable two-factor authentication to prevent attackers from compromising individual accounts using login credentials from other data breaches.
- Sign up for an identity theft restoration service.
23andMe is requiring all users to reset their passwords. The company states that it is committed to providing a safe and secure place where users can learn about their DNA. But this breach should serve as a fair warning for everyone using or interested in using this type of service – that their user data is not guaranteed safe and secure.
Is Your DNA and Other Biometric Data at Risk?
If you are already a member of 23andMe, then it’s safe to assume your biometric data has been compromised. While this breach has not affected every single service user, the potential risk is evident. You should, at the very least, take the steps listed above to enhance the security of your account to limit easy access to your data related to the current breach. The same advice goes for anyone using any other type of similar genomics service, such as ancestry.com.
And while this incident raises alarms because of the sensitive nature of biometric data, it’s not all that different from other data breaches that occur constantly. Any information and personal data you submit to any company, service, or organization is at risk. That’s simply a reality of the digital age we live in. Companies are still catching up on implementing effective security measures, so never assume your information is safe. Preventative measures such as identity theft restoration services can go a long way towards getting your life back in order after a data breach involving your personal information.
Should You Use Genomics Services?
Understanding the potential risks associated with a data breach may impact your decision to use a genomics service in the first place. There is no way to eliminate the potential for cybersecurity incidents outright, meaning your personal information and biometric data are vulnerable as soon as you submit them, no matter which service or company you submit to. That said, it’s up to you whether the benefit of the service is worth this potential risk.
In addition to identity theft, here are some other issues associated with these genomics services:
- Fraudulent billing: Scammers may offer “free” genetic testing to obtain personal or Medicare information for fraudulent billing purposes.
- Unnecessary testing: Scammers may offer genetic testing that is not medically necessary or ordered by a physician, which can result in Medicare beneficiaries being responsible for the entire cost of the test.
- Hacking: Genetic testing companies have a unique set of information on their consumers, which makes them a target for hacking and data breaches.
- Privacy risks: Sharing genetic data with testing companies can put individuals’ privacy at risk, as their genetic data is unique and highly identifiable.
It’s important to be aware of these risks and take steps to protect yourself better. Be suspicious of anyone who offers “free” genetic testing and requests your Medicare or health insurance number. You should also carefully read the privacy policies of genetic testing companies to understand the risks and consequences of sharing your genetic data.
LibertyID provides expert, full-service, fully managed identity theft restoration to individuals, couples, extended families* and businesses. LibertyID has a 100% success rate in resolving all forms of identity fraud on behalf of our subscribers.