In the 21st Century, Even Your DNA Data Could Be Under Attack

There's nothing to stop you from going to a laboratory, providing some DNA material, and having it thoroughly analyzed. It could give you an accurate picture of your ethnic origin, for example, but thanks to the World Wide Web, the opportunities nowadays are much wider. There are genealogy companies that can use your DNA data to help you find lost relatives living thousands of miles away and learn more about your ancestors. DNA information stored on the Internet is at the core of these companies' business. As a general rule, if data is stored on the Internet, sooner or later, it will be attacked.

Attacks on genealogy companies

A couple of recent incidents show that genealogy companies aren't immune to cyberattacks. In December 2017, hackers managed to steal around 300,000 usernames and passwords from RootsWeb, a website owned by Ancestry LLC. Ancestry is responsible for storing DNA material of over 7 million individuals and is considered to be one of the biggest enterprises of its kind.

On Monday, MyHeritage, another company working with a similar business model, announced that on October 26, 2017, hackers made off with a database containing about 92 million records. Like Ancestry, MyHeritage has millions of customers and holds tons of extremely sensitive data.

So far, DNA information hasn’t been exposed

It must be noted that during those two attacks, no actual DNA data was compromised. Currently offline, RootsWeb is a website that uses message boards and mailing lists to help people find more information about their family, and although it's owned by Ancestry, it doesn't host any DNA-related data. After analyzing the database, Ancestry concluded that a small number of the leaked passwords (less than 1% according to the official announcement) were reused by paying customers on Ancestry.com. These users were urged to change their passwords immediately.

In MyHeritage's case, the good password storage policies the company had adopted paid off. According to Omer Deutsch, the company's Chief Information Security Officer, the stolen passwords were hashed, and the crooks had no way of seeing them. As a precaution, all the users will need to change their passwords, and MyHeritage is working on implementing a two-factor authentication system as an additional layer of security.

So, we even have a silver lining of sorts, although you could argue that two-factor authentication should have been available long ago. Let's not get overly optimistic, though.

Future attacks and privacy concerns

You might be wondering why anyone would want to compromise platforms like Ancestry and MyHeritage. The motives for these particular attacks are not clear, but it's fair to say that if the hackers want to steal the data, they likely know what to do with it.

In any case, DNA information is considered the ultimate identifier, and you wouldn't want it falling into the wrong hands. Privacy advocates are raising their concerns at the moment. They reckon that despite the security measures taken by genealogy companies, there are certain factors that could make the personal data of millions of people vulnerable. It's a known fact that there's no such thing as "guaranteed security" on the Internet, and if the company holding your DNA data is attacked, you can do little more than hope that its defences are adequate enough.

That's not the only concern the experts have, though. They also say that before users hand over any personal information, they should carefully read the Terms and Conditions. People must also make sure that they're up-to-date on any changes the companies make to their Privacy Policies.

It's all down to the annoying fine print, and we all know that few of you actually go through the trouble of reading the legalese. When your DNA data is at stake, however, it could be well worth the effort.