Cyber Incident Victim: Veritas Genetics
Date:
Nov 2019
Location:
United States of America
Summary
A cybersecurity breach at Veritas Genetics exposed sensitive customer data, including personal and genetic information, due to unauthorized access. Security researchers discovered the incident, which compromised unprotected databases containing detailed genetic profiles and customer records. The company acknowledged the breach and secured affected systems but did not disclose the total number of impacted individuals. Exposed information potentially included names, contact details, and genetic test results, raising significant privacy concerns for affected customers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In November 2019, Veritas Genetics experienced a data breach that exposed sensitive customer information. The incident was publicly disclosed on November 6, 2019, following an internal investigation. Unauthorized parties gained access to an internal database containing personally identifiable information of customers who had used the company's genetic testing services. The compromised data included customer names, dates of birth, and credit card numbers. Genetic test results were not accessed or exfiltrated during the breach according to the company's statements. Veritas Genetics discovered the intrusion through routine security monitoring systems that flagged anomalous database activity patterns. The company promptly initiated forensic analysis with assistance from third-party cybersecurity experts to determine the breach's scope and origin.
The breach impacted an undisclosed number of customers across multiple countries where Veritas Genetics operated. Affected individuals received direct notifications detailing the specific types of their exposed information. The company offered complimentary credit monitoring services to impacted customers as a protective measure. Veritas Genetics implemented additional security controls on their database systems following the incident, including enhanced access restrictions and encryption protocols. The compromised infrastructure involved customer-facing systems used for processing orders and storing payment information. No evidence suggested misuse of stolen data prior to containment. The incident highlighted risks associated with storing sensitive health-related customer data amid increasing targeting of biotechnology firms by cybercriminals seeking financial information.