Cyber Incident Victim: Ancestry.com
Date: Jun 2014
Location: United States of America
Summary
The genealogy service Ancestry.com experienced a significant outage lasting two days due to a distributed denial-of-service (DDoS) attack that overwhelmed its systems with massive volumes of bogus traffic. The incident also disrupted access to Find A Grave, a recently acquired subsidiary. While the company's technical team worked overnight to restore most services, some users continued reporting intermittent accessibility issues afterward. Ancestry confirmed no customer data was compromised during the attack but acknowledged the disruption caused user frustration.
Description
On June 16, 2014, at approximately 1:30 p.m. Mountain Time, Ancestry.com and its subsidiary FindAGrave.com experienced a severe Distributed Denial of Service (DDoS) attack. The attack flooded Ancestry’s infrastructure with massive volumes of bogus traffic, overwhelming its systems and rendering both websites inaccessible to users. Ancestry’s technical team immediately engaged in mitigation efforts, working continuously through the night to identify and counteract the malicious traffic patterns. By June 17, most services were restored, though sporadic access issues persisted for some users beyond the initial recovery period. The disruption lasted approximately two days, marking one of the most significant outages in the genealogy platform’s operational history. FindAGrave.com, a recently acquired service specializing in cemetery records, was similarly incapacitated by the attack, indicating a broad targeting of Ancestry’s web properties. No evidence suggested unauthorized access to user data or systems, as the attack was aimed solely at disrupting service availability.

Ancestry’s Chief Technology Officer, Scott Sorensen, publicly acknowledged the incident via the company’s Facebook page, confirming the DDoS nature of the assault and apologizing for the resulting user frustration. The attackers’ identities and motives remained undisclosed, with no group claiming responsibility for the incident. Ancestry’s response focused on traffic filtering and infrastructure adjustments to restore connectivity, prioritizing core services first. Despite these efforts, lingering performance issues affected a subset of users even after the primary mitigation, highlighting the attack’s residual impact. The company emphasized that no customer data was compromised during the outage, framing the event as a service availability challenge rather than a data breach. Both Ancestry.com and FindAGrave.com resumed normal operations following the containment measures, though the incident underscored vulnerabilities in handling large-scale DDoS campaigns.
