MyHeritage, a DNA Testing and Ancestry Service, Announces Data Breach of Over 92 Million Account Details

Joseph Cox, reporting for Motherboard: Unfortunately for customers of MyHeritage, a genealogy and DNA testing service, a researcher uncovered 92 million account details related to the company sitting on a server, according to an announcement from MyHeritage. The data relates to users who signed up to MyHeritage up to and including October 26, 2017 -- the date of the breach -- the announcement adds. Users of the Israeli-based company can create family trees and search through historical records to try and uncover their ancestry. In January 2017, Israeli media reported the company has some 35 million family trees on its website. In all, the breach impacted 92,283,889 users, according to MyHeritage's disclosure.

Re:Gives a whole new meaning: Who's your daddy?

[TechyImmigrant]

>Who's your daddy?

In my family's case, it was "Who's your uncle?" and "Who's your cousin?".

My wife's bible bashing, holier than thou grandfather was dipping his wick in many places it seems. The denial on the part of the bible bashing, holier than thou, next generation was remarkable.

23andme uncovered these things.
 

This ought to be particularly alarming

DNA testing results are particularly sensitive information. While these sites use the information to identify ancestry, they can also test for genetic risk factors for developing various illnesses. That information may be very useful to individuals who can make lifestyle and medical decisions to mitigate those risks. Unfortunately, that information can also be used by insurance companies to deny coverage and by potential employers to not hire people who are at higher risks to develop some medical conditions.

There needs to be a certification process for handing sensitive data, meaning that businesses must be certified before they're legally allowed to handle information like DNA test results. That certification process should require third party audits to ensure that various standards are met. This would be followed up with random unannounced periodic checks to ensure that the business is still in compliance with those standards. Any business that is handling such data without certification should be subject to penalties at least as severe as if all the sensitive data was compromised in a breach. There needs to be standards for handling sensitive data and a certification process to ensure that the data is handled properly.

Re:Gives a whole new meaning: Who's your daddy?

[Kozar_The_Malignant]

We don't legally punish the person whose house get's broken into by a burglar for not securing their house properly.

> That's because I'm not generally storing my stuff in my neighbor's house. However if I loan my lawnmower to my neighbor, and it gets stolen because he left his garage door open overnight, he is generally responsible civilly for my loss.