GEDmatch DNA Testing Website
GEDmatch DNA Testing Website | |
---|---|
Short Title | Public Genealogy Database GEDMatch Was Found Vulnerable Security Risks |
Location | |
Date | Late 2019 |
Solove Harm | Insecurity |
Information | Ethnicity, Physical Characteristics, Medical and Health |
Threat Actors | GEDmatch |
Individuals | |
Affected | Users of GEDmatch |
High Risk Groups | |
Tangible Harms |
Public genealogy database GEDMatch was found vulnerable to multiple kinds of security risks.
Description
GEDmatch is a public genealogy database, which is used as a third-party by such DNA testing sites as 23andMe, Ancestry.com and MyHeritage. These sites allow people to learn about their genetic makeup and GEDmatch compares their DNA sequences to others in the database who have uploaded test results, in order to connect to potential relatives in their family trees.
Researchers of University of Washington found that GEDmatch was vulnerable to multiple kinds of security risks. An adversary or simply a malicious user can extract sensitive genetic markers for someone and construct a fake genetic profile to impersonate someone’s relative by using only a small number of comparisons on GEDmatch.
This is an example of Insecurity, as the website allows users to see other users' DNA information.
Laws and Regulations
Sources
https://themarkup.org/ask-the-markup/2020/02/25/dna-testing-kit
https://www.washington.edu/news/2019/10/29/genetic-genealogy-site-vulnerable-compromised-data-impersonations/