Exploit: Unauthorized Database Access
GEDmatch: Genealogy and Genetic Testing Service
Risk to Small Business: 1.331 = Extreme
GEDmatch is famous for being the site used to catch and effectively prosecute the notorious Golden State Killer. But they weren’t able to secure their data effectively, because hackers were able to gain access to the company’s internal storage, obtain some user information, and change account permissions last week. About 280,000 of the 1.45 million profiles on the site had agreed to share their information with law enforcement agencies. In the recent breach, attackers scooped up information and also changed users’ settings so that all 1.45 million DNA profiles were available to law enforcement searches – twice. The hack was then compounded as information purportedly gained in the incident was used to mount a phishing attack on the clients of an Israeli partner of GEDmatch, MyHeritage. The GEDmatch site has been taken down for maintenance and recovery with no ETA on restoration.
Individual Risk: 2.172 = Severe
While no genetic data or financial information has been reported as compromised, the investigation is still ongoing. Users of GEDmatch should be cautious that personal information may have been compromised and made available to law enforcement officials.
Customers Impacted: 1 million
How it Could Affect Your Customers’ Business: Not only can a cybersecurity incident lead to an embarrassing and expensive breach for one company, it can also open that company’s partners up to cybercrime risks, like the phishing campaign mounted against MyHeritage users.