Genetic data in the hands of cyber criminals

Following on the announcement of the 23andMe data breach, it’s important to explore just what makes this incident so serious. 

Consider how much we emphasize the value of one’s personal data.  Cyber criminals go after organizations across all industries to crack open databases and get at the juicy information within.  It doesn’t get much more valuable than your very DNA.  DNA results can reveal health information, familial ties, and other deep insights into an individual.  Now consider that 1 in 5 US adults have done these home genetic tests.  The 23andMe breach now becomes much more serious. 

Hackers broke into 23andMe’s systems via a credential stuffing attack using stolen names and passwords from a previous hack.  Cyber criminals use various types of personal data to accomplish their goals, usually consisting of gaining a foothold into an organization’s network.  From there, they can infiltrate further to drop some malware or steal whatever data they can find.  What, then, could a hacker want with such data as that which your physical body contains? 

For starters, genetic data could be used for blackmail.  The familial relationships and health data shown by ancestry services can be exploited to expose bloodline or family secrets that one might not want to become common knowledge.  More malicious dangers could involve identity theft, with the culprit using the stolen data like they would any other, in order to commit numerous types of fraud.  Once a bad actor has your genetic data, they can even use it to bypass biometric defenses for whatever scheme they’ve concocted. 

Most alarming is the potential for stolen genetic data to be used in creating a biological weapon.  In the hands of the right (read: wrong) buyers, gene editing can allow for alteration to DNA, which could lead to the creation of viruses and bacteria to be deployed in food and water supplies.  The potential and flexibility of cybercrime is unfortunately greater than ever.  While 23andMe has launched an investigation and required all customers to reset their passwords, further action in the meantime must be in the hands of those customers.

Demanding that organizations maintain strong data security hygiene is increasingly a crucial step for consumers to take, in addition to staying vigilant for suspicious activity on their accounts.  When people hold accountable the companies that store their sensitive data, the pressure leads to action and higher quality of protection.

For entities seeking a way to fulfill their obligations to their users and meet compliance standards, NetLib Security’s Encryptionizer product offers strong, transparent data encryption.  Encrypting data right out of the box, Encryptionizer is a cost effective answer that requires no additional programming and no sacrifice of performance.  Encryptionizer works across all environments, whether cloud, virtual or physical, and can assist organizations in any industry with achieving a solid security stance for their client base.


By: Jonathan Weicher, post on October 19, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security