DNA testing firm accidentally spills information on two million customers
Credit card details stolen
A US-based DNA testing company has been breached, and a database with personally identifiable information on more than two million customers stolen, the firm has announced.
DNA Diagnostics Center (DDC) said the breach took place between late May and late July this year, while its internal investigation ended in late October this year. The investigation revealed that whoever was behind the attack made away with full customer names and credit card numbers (including CVVs). Furthermore, financial account numbers were stolen, as well as platform account passwords.
The good news is that the data that was stolen resided in an old backup, and was accumulated between 2004 and 2012, so most of the credit card data is probably obsolete by now. The active systems and databases the DDC uses these days were not affected, the company confirmed. Furthermore, no DNA testing data was exposed.
Free identity theft protection for the victims
Although the credit card details were likely out of date, the exposure of full names and account passwords is enough for customers to fall victim to follow-up attacks on other platforms.
DDC is said to be working with third-party cybersecurity experts to try and find the stolen data and make sure it isn't distributed further across the web. Bleeping Computer says the data is yet to be used elsewhere.
The customers affected by the breach will get one year of free credit monitoring and identity theft protection services with Experian, it was said. The DDC warned these users to keep both eyes open for potentially fraudulent activity on their bank accounts, and if anything suspicious comes up, to report it to the authorities, immediately.
- Make sure to also check out our list of the best malware removal software out there
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.