Ohio-based DNA testing company DNA Diagnostics Center (DDC) announced that it was the victim of a data breach that has affected over 2 million customers.
DNA Diagnostics Center confirmed that the data breach occurred between May 24 and July 28. DDC concluded its internal investigation on Oct. 29, 2021.
DDC said the hackers were able to access much of the customers’ personal information, including full names, credit card and debit card numbers (and CVVs), financial account numbers, and platform account passwords after breaching the company’s database.
DDC’s compromised database contained older backups dated between 2004 and 2012. However, it’s not linked to the active systems and databases currently used by the company, which means most of the stolen credit card data is most likely already outdated.
“The impacted database was associated with a national genetic testing organization that DDC has never used in its operations and has not been active since 2012,” DDC said in a document released by the company.
“DDC acquired certain assets from this national genetic testing organization in 2012 that included certain personal information, and therefore, impacts from this incident are not associated with DDC.” the company added.
DDC Response
In response, DDC is working with external cybersecurity experts in order to regain possession of the stolen data and ensure that the threat actor is neutralized. Currently, there have been no reports of fraud or use of the stolen data.
The users impacted by the breach will receive a notification letter and instructions on enrolling for one free year of credit card monitoring and identity theft protection by Experian, the DDC said.
DDC also advised the customers receiving the notices to stay vigilant against potential fraud and to monitor their bank account statements regularly in order to identify and report suspicious activity as soon as possible.
DDC emphasized that no genetic testing data was exposed during the data breach incident since that is stored in a different system.
The company is holding very sensitive genetic data, as they offer paternity, DNA relationship, fertility, COVID-19, and ancestry tests, along with testing for immigration purposes.
However, according to the notice, nothing relevant to those services was compromised by the hackers.