GEDmatch DNA Testing Website

From Privacy Wiki
Jump to navigation Jump to search
GEDmatch DNA Testing Website
Short Title Public Genealogy Database GEDMatch Was Found Vulnerable Security Risks
Location
Date Late 2019

Taxonomy Insecurity
Information Ethnicity, Physical Characteristics, Medical and Health
Threat Actors GEDmatch

Individuals
Affected Users of GEDmatch
High Risk Groups
Secondary Consequences

Public genealogy database GEDMatch was found vulnerable to multiple kinds of security risks.

Description

GEDmatch is a public genealogy database, which is used as a third-party by such DNA testing sites as 23andMe, Ancestry.com and MyHeritage. These sites allow people to learn about their genetic makeup and GEDmatch compares their DNA sequences to others in the database who have uploaded test results, in order to connect to potential relatives in their family trees.

Researchers of University of Washington found that GEDmatch was vulnerable to multiple kinds of security risks. An adversary or simply a malicious user can extract sensitive genetic markers for someone and construct a fake genetic profile to impersonate someone’s relative by using only a small number of comparisons on GEDmatch.

This is an example of Insecurity, as the website allows users to see other users' DNA information.

Risk Statistics

Laws and Regulations

Sources

https://themarkup.org/ask-the-markup/2020/02/25/dna-testing-kit
https://www.washington.edu/news/2019/10/29/genetic-genealogy-site-vulnerable-compromised-data-impersonations/