Spit into a cup, send it off in the mail, and find out what your DNA says about you. This is the basis of several companies who provide genetic information to individuals, often filling in the missing information about familial ties and histories for folks. However, recent reports state cyber criminals were able to infiltrate RootsWeb, which is owned and operated by Ancestry.com, the hackers getting away with the login details of approximately 55,000 Ancestry customers who used the same email and password combo on RootsWeb.
Ancestry.com currently holds the largest private database of DNA in corporate history, with the genetic code of more than five million people in their possession. It’s no wonder it was a target in today’s landscape of high profile data breaches. That said, Ancestry maintains only login credntials were stolen in the breach, and not genetic data.
Ryan Wilk, VP at behavioral biometrics company NuData, commented on the situation: “Bad actors are constantly trying to engineer new ways of bypassing security measures; however, two-factor authentication still offers stronger security than the classic one-factor authentication.”
The death of the password is a prevalent theme in the authentication and identity industry, with multimodal authentication provided as a solution in avoiding identity theft. Wilk posits this as the best way to protect sensitive information. “To avoid account takeovers with stolen username and passwords, two-factor authentication can be combined with other security layers such as passive biometrics and behavioral analytics, so that if one layer fails or is not reliable, another layer of security takes over, protecting the customers’ accounts even if the credentials have been stolen,” he said.
Security against hackers may not be the only worries consumers have about spittle-based DNA and genetic information companies, with the potential for these firms to turn around and sell personal information to insurance companies or other parties. Although Ancestry claims it would never do this, according to The Daily Mail, the company has recently update its terms and conditions making it clear that policies such as this can be changed in the future.
June 7, 2018 – Susan Stover