DNA testing biz vows to improve infosec after criminals break into database it didn’t know it had


A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old “legacy” database the company forgot it had.

The genetic testing firm, DNA Diagnostics Center (DDC) reached a settlement deal with states’ attorneys general in Ohio and Pennsylvania last week, after the social security numbers of 45,000 residents of the two states was exposed, with each of the states getting $200k. Ultimately the 2021 attack exposed the data of over 2.1 million people who had undergone genetic testing across the US.

Read more…
Source: The Register