According to Verogen, the company that recently purchased GEDmatch, no user data was downloaded or compromised. But two days later, the genealogy website MyHeritage alerted users to a phishing scheme that targeted people who used both MyHeritage and GEDmatch. In a statement posted online, the company said it suspects the attackers may have gleaned the email addresses from GEDmatch.
Verogen has taken GEDmatch down. The company says it is working with a cybersecurity firm to conduct a forensic review and safeguard the site. That may not be enough to recover users’ trust.
Some already see giving law enforcement access to DNA profiles as controversial. As BuzzFeed News reports, this incident could limit those on both sides of the debate. If GEDmatch can’t keep data safe, users may be less likely to create DNA profiles, which could make it harder for police to use the site to solve cold cases. On the other hand, if GEDmatch can’t limit police access, users who may have made a profile on the condition it wouldn’t be used by law enforcement may not create a profile at all. That means less data for genealogists to work with.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.