Unfortunately, the very thing I’ve warned about has happened. Direct-to-consumer genetic testing company Vitagene left approximately 3,000 users’ private information exposed online FOR SEVERAL YEARS due to a misconfigured database, according to a new Bloomberg report. The exposed information included consumers’ full names, birthdates, and genetic health information, including mutations that could predispose them to developing various diseases and medical conditions. Vitagene stressed that no credit card information was exposed, but what most people may not realize is that credit card information isn’t as much of a concern as the fact that 300 files containing users’ RAW DNA* were exposed, and to make matters worse, they were stored with the consumers’ names!!
* Raw DNA data is a file composed of between 175,000 and 1 million (depending on the testing company) SNPs (single nucleotide polymorphisms: variations in a single base pair in a DNA sequence; each variation is typically representative of a population, at least to a degree). Along with the SNPs, the raw DNA data file also includes the chromosome location and the position of each SNP on that particular chromosome. There are also two alleles for each SNP (one from each parent). As I’ve mentioned in my other blog, we have been able to uniquely identify an individual with only 30 to 80 SNPs with machine learning.
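A storage inventory can be checked for raw DNA files of the kind described above that also carry identity fields, which is the combination that was exposed here. This is an added example, not code from the original post or from Vitagene; the tab-separated row layout, the header labels and the sample files are assumptions constructed for illustration.

```python
import re

# Assumed row layout (not given on the page): SNP id, chromosome, position,
# one or two alleles, tab-separated, as in common consumer raw-data exports.
ROW = re.compile(r"^(rs|i)\d+\t([1-9]|1\d|2[0-2]|X|Y|MT)\t\d+\t[ACGTDI-]{1,2}$")
# Hypothetical header labels that would tie a file to a named person.
IDENTITY = re.compile(r"^#\s*(name|customer|dob|birth\s*date|email)\b\s*[:=]\s*\S", re.I)


def classify(text, min_rows=3, min_ratio=0.9):
    """Return (is_genotype_file, identity_line_numbers) for one file's text."""
    rows = matched = 0
    identity = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):          # comment/header line
            if IDENTITY.match(line):
                identity.append(n)
            continue
        rows += 1
        if ROW.match(line):
            matched += 1
    # Require enough rows, and that nearly all data rows look like SNP calls.
    is_genotype = matched >= min_rows and matched / rows >= min_ratio
    return is_genotype, identity


def findings(files):
    """Map file name -> severity for an inventory given as {name: text}."""
    out = {}
    for name, text in files.items():
        is_genotype, identity = classify(text)
        if is_genotype:
            out[name] = "genotype+identity" if identity else "genotype"
    return out


# Constructed sample inventory; the SNP ids and people are made up.
SAMPLE = {
    "export_001.txt": "# Name: Jane Example\n# DOB: 1980-01-01\n"
                      "rs0000001\t1\t10000\tAG\nrs0000002\t7\t20000\tCC\nrs0000003\tX\t30000\tTT\n",
    "export_002.txt": "# build 37\n"
                      "rs0000001\t1\t10000\tAA\nrs0000002\t7\t20000\tCT\nrs0000003\tMT\t30000\tG\n",
    "readme.txt": "Quarterly report\nNothing genetic here\n",
}

if __name__ == "__main__":
    for name, severity in findings(SAMPLE).items():
        print(name, severity)
```

A file flagged `genotype` is still sensitive on its own; `genotype+identity` marks the cases where the name and the DNA should be split into separate stores and linked only by a random identifier.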
Why is having your genetic data exposed so problematic? For starters, your genomic information is the ultimate identifier. If it is breached, it cannot be changed the way credit card information can. You can change most things (your name, location, appearance, etc.), but you cannot change your genetics! Another part of the problem is that the laws currently in place to protect us against genetic discrimination are extremely flawed. (I go into depth about this in my blog about consumer genetic testing concerns, pt. 2.)
Vitagene CEO Mehdi Maghsoodnia told Bloomberg that they are holding themselves accountable and acknowledging their mistake, but to the people involved in the breach that is probably too little, too late. So far the company has not reached out to the individuals involved in the breach and informed them of the exposure of their PII. The one positive I hope comes from this careless mistake is raised awareness among testing companies and consumers. We need to put these direct-to-consumer testing companies on notice: You are profiting from our genetic data, the least you can do is protect us.