Less than a week after the Family Tree Maker app leaked personal data of about 60,000 users, another genealogy platform has made it to the cybersecurity headlines after exposing data of its users to law enforcement agencies.
GEDmatch, a genealogy website used to trace people’s family trees, was forced to shut down following a cyberattack that led to the exposure of DNA profiles of over 1 million people who use the online service.
On Sunday, GEDmatch revealed in an email sent to members that the company was hit by back-to-back security breaches on July 19 and July 20.
Specifically, according to the firm, a “sophisticated attack” on its servers through a user account made the DNA profiles of its members available for police to search on July 19. The breach lasted for about three hours and forced the site to temporarily shut down.
GEDmatch soon resumed service but shut down again after it became the target of a second breach on July 20, which caused users’ settings to reset to opt in to law enforcement matching.
“We became aware of the situation a short time later and immediately took the site down. As a result of the breach, all user permissions were reset, making all profiles visible to all users,” the email read. “This was the case for approximately 3 hours. During this time, users who did not opt-in for law enforcement matching were also available for law enforcement matching, and conversely, all law enforcement profiles were made visible to Gedmatch users,” it added.
To date, despite the unauthorized access, the company maintains that its users’ DNA information was not compromised.
“We can assure you that your DNA information was not compromised, as GEDmatch does not store raw DNA files on the site,” said Brett Williams, CEO of Verogen Inc., the company that bought GEDmatch in December 2019. “When you upload your data, the information is encoded, and the raw file deleted. This is one of the ways we protect our users’ most sensitive information.”
Founded in 2010, GEDmatch gained significant media coverage in 2018 after law enforcement used the site to identify the Golden State Killer in California. At the time, detectives used GEDmatch’s platform to map three of the four familial lines of the killer in order to trace him.