Cyber Incident Victim: GEDmatch
Date: Jul 2020
Location: United States of America
Summary
A cybersecurity breach targeted a genetic genealogy platform, compromising user data through unauthorized access via an existing account. The attack exposed over a million previously restricted DNA profiles to law enforcement searches, violating privacy settings intended to shield such data. Subsequently, stolen email addresses facilitated phishing attempts against users of another genealogy service, aiming to harvest login credentials. The incident undermined confidence in the platform's ability to safeguard sensitive genetic information and raised broader concerns about vulnerabilities in forensic genealogy databases. Experts highlighted risks to user trust and the ethical implications of exposing DNA data, particularly given the service's role in criminal investigations. The breach demonstrated cascading threats, linking initial data exposure to secondary cyberattacks across related platforms.
Description
On July 19, 2020, GEDmatch, a genetic genealogy database instrumental in high-profile criminal investigations such as the Golden State Killer case, experienced a security breach. Attackers compromised one of the platform's servers through an existing user account, altering privacy settings to expose over a million DNA profiles that users had previously opted to hide from law enforcement searches. This unauthorized access occurred shortly after forensic genetics company Verogen acquired GEDmatch in December 2019, undermining the company's efforts to reassure users about privacy protections while expanding law enforcement applications. The breach remained undetected until users noticed their privacy preferences had been reversed, making sensitive genetic data unexpectedly available for police forensic searches.

Two days later, on July 21, MyHeritage, another genealogy service, reported a targeted phishing campaign against its users. Attackers utilized email addresses obtained from the GEDmatch breach to send fraudulent login requests, attempting to compromise MyHeritage accounts. Verogen confirmed the GEDmatch intrusion in public statements to BuzzFeed News and Facebook, characterizing it as a sophisticated attack but providing no technical specifics about the compromised server or account. The incident exposed vulnerabilities in genetic data stewardship, particularly concerning law enforcement access controls. Forensic genealogy advocates and privacy experts highlighted the breach's potential to erode public trust in DNA platforms, noting implications for both criminal investigations and personal data security. The coordinated attacks demonstrated emerging risks in the intersection of consumer genetics and forensic applications, with lasting consequences for industry practices and user confidence.
