Cyber Incident Victim: DNA Solutions
Date: Nov 2021
Location: United States of America
Summary
A US-based laboratory processing forensic evidence from sexual assault victims experienced a data breach after an unauthorized third party exploited a vulnerability in third-party software, compromising personal and medical information. The incident impacted individuals whose rape kits were analyzed for clients including the Oklahoma City Police Department, though sensitive financial identifiers were not exposed. The organization detected and contained the intrusion, notified federal law enforcement, and offered affected parties complimentary credit monitoring services. The police department subsequently terminated its contract with the laboratory following the security incident.
Description
In November 2021, DNA Solutions, an Oklahoma-based laboratory processing forensic DNA evidence for law enforcement agencies including the Oklahoma City Police Department (OKCPD), suffered a network security breach. The incident was detected and stopped by the company on November 18, 2021, after which DNA Solutions immediately secured its network environment and engaged cybersecurity experts to investigate. The investigation revealed that an unauthorized third party accessed the network through an unknown vulnerability in a third-party software provider's platform. This compromise potentially exposed sensitive personal and medical information from sexual assault kits processed by the laboratory over a two-year period. DNA Solutions notified federal law enforcement about the incident shortly after discovery. The breach specifically impacted data from rape kits submitted by sexual assault victims, though the exact number of affected individuals remained unknown.

The compromised information included medical details but excluded Social Security numbers, driver's license data, and financial records. DNA Solutions notified all potentially affected individuals and offered free credit monitoring and identity protection services. The OKCPD confirmed it had terminated its contract with DNA Solutions following the breach and sent written notifications to all individuals who had submitted rape kits to the laboratory during its operational partnership. While no forensic testing data was confirmed as stolen, the incident exposed vulnerabilities in third-party software dependencies. DNA Solutions emphasized its commitment to data protection and safeguarding against future threats, though no specific technical remediation measures were disclosed publicly. The breach highlighted risks to highly sensitive victim data handled by third-party forensic service providers in law enforcement workflows.
