Ninety percent of 40 widely known genetic testing services firms, including 23andMe, Ancestry, and MyHeritage, had received a C grade at most for their cybersecurity efforts, indicating the pervasiveness of poor cybersecurity practices across the DNA services industry, Cybernews reports.
Data breaches have impacted 85% of the companies while corporate credentials were compromised in half of the said firms, an analysis performed using the Cybernews Business Digital Index revealed. Despite such threats, only nearly 25% provided detailed privacy and security measures as more than half shared obtained user information to research partners and marketing and advertising services. Additional findings also showed that misconfigured SSLs were present among all DNA testing firms while at least three quarters experienced email security and system hosting issues. Significantly varied data retention policies also abound in the sector, with most firms keeping procured information for five to 10 years. "Some companies retain data until account deletion, while others store genetic data for up to 10 years or indefinitely for research purposes or legal compliance," said Cybernews researcher Neringa Macijauskait.
Data breaches have impacted 85% of the companies while corporate credentials were compromised in half of the said firms, an analysis performed using the Cybernews Business Digital Index revealed. Despite such threats, only nearly 25% provided detailed privacy and security measures as more than half shared obtained user information to research partners and marketing and advertising services. Additional findings also showed that misconfigured SSLs were present among all DNA testing firms while at least three quarters experienced email security and system hosting issues. Significantly varied data retention policies also abound in the sector, with most firms keeping procured information for five to 10 years. "Some companies retain data until account deletion, while others store genetic data for up to 10 years or indefinitely for research purposes or legal compliance," said Cybernews researcher Neringa Macijauskait.
