Cyber Incident Victim: DNA Diagnostics Center

The DNA Diagnostics Center (DDC), an Ohio-based provider of DNA testing services, experienced a data breach impacting 2,102,436 individuals. The incident occurred between May 24, 2021, and July 28, 2021, with the company concluding its internal investigation on October 29, 2021. Unauthorized actors accessed a legacy database containing backup records from 2004 to 2012, which DDC confirmed was not connected to its current operational systems. The compromised information included full names, credit card numbers with CVV codes, debit card numbers with CVV codes, financial account numbers, and platform account passwords. DDC emphasized that the breached database originated from a discontinued national genetic testing organization unrelated to its present operations, which had been inactive since 2012. No genetic testing data—including paternity, ancestry, fertility, COVID-19, or immigration-related results—was exposed, as this information resides in separate systems. The company acknowledged the sensitivity of its service offerings but clarified that no active testing data or systems were involved in the breach.

Following the discovery, DDC engaged external cybersecurity experts to assist in recovering the stolen files and preventing further dissemination by the threat actor. As of the disclosure date (November 30, 2021), no fraudulent activity or misuse of the compromised data had been reported. Affected individuals received notification letters outlining steps to enroll in one year of complimentary credit monitoring and identity theft protection services through Experian. DDC advised impacted parties to monitor bank statements vigilantly and promptly report suspicious transactions. The company reiterated that the breach exclusively involved historical backups and posed no risk to its contemporary infrastructure or genetic data repositories. No additional technical specifics regarding the attack vector or containment measures were disclosed in the public notice.