Remember meForgot password?
    Log in with Twitter

article imageLooking behind the Gedmatch data breach and law enforcement Special

By Tim Sandle     Jul 23, 2020 in Technology
Gedmatch, a DNA analysis site, confirmed today that they suffered two breaches on consecutive days during July 2020. This comes after the site was pulled offline while it investigated how user profile data became available to law enforcement.
Following the recent incident of the site being used to catch the Golden State Killer, Gedmatch put in new controls to allow users to opt-in for their DNA to be included in police searches (according to TechCrunch). Users reported Sunday that those settings had changed without their permission, and that their DNA profiles were made available to law enforcement searches.
Typically, the site allows users to opt-in for their DNA to be included in police searches, but this breach changed these settings on user accounts without their permission.
Commentating on data breach for Digital Journal is Bitglass CTO, Anurag Kahol.
Kahol says: "Healthcare data is a lucrative target for hackers as the information commands high value on the dark web, up to 10 times more than the average credit card data breach record. The loss of DNA records and personally identifiable information could enable malicious actors to commit identity theft, insurance fraud, and targeted spear phishing campaigns."
He adds that: "This information is extremely valuable, and it is crucial that organizations have the proper controls for data security. Unfortunately, bad actors may have gained access to personal user data derived from GEDmatch’s database due to a misconfiguration in the database."
In terms of what needs to be done, Kahol notes: "Organizations must have full visibility and control over customers’ data by leveraging solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent unauthorized users from accessing sensitive data.”
More about Data breach, Cybersecurity, Gedmatch, Dna
Latest News
Top News