Gedmatch Confirms Data Breach After Users’ DNA Profile Data Made Available to Police
upstart writes in with an IRC submission:
Gedmatch confirms data breach after users' DNA profile data made available to police - TechCrunch:
Gedmatch, the DNA analysis site that police used to catch the so-called Golden State Killer, was pulled briefly offline on Sunday while its parent company investigated how its users' DNA profile data apparently became available to law enforcement searches.
[...] In a statement on Wednesday, the company told users by email that it was hit by two security breaches on July 19 and July 20.
"We became aware of the situation a short time later and immediately took the site down. As a result of the breach, all user permissions were reset, making all profiles visible to all users," the email read. "This was the case for approximately 3 hours. During this time, users who did not opt-in for law enforcement matching were also available for law enforcement matching, and conversely, all law enforcement profiles were made visible to Gedmatch users."
The statement said that the second breach caused user's settings to reset, allowing law enforcement to search profile data for users who had previously opted out.
At the time of writing, Gedmatch's website was offline.
Read more of this story at SoylentNews.