Indiana-based genetic DNA testing and facial recognition service provider ChoiceDNA had nearly 8,000 files with sensitive biometric details of thousands of individuals, including newborns, exposed due to a WordPress folder that lacked any password protection, Hackread reports.
Included in the records stored in the unsecured WordPress folder named "Facial Recognition Uploads" were names, biometric images, phone numbers, racial or ethnic identities, email addresses, and reasons for facial DNA analysis, a report by cybersecurity researcher Jeremy Fowler published on vpnMentor showed. While ChoiceDNA immediately secured the exposed WordPress folder upon notification, threat actors could leverage the leaked biometric and personally identifiable information to conduct social engineering and phishing attacks. Individuals who have sought the services of ChoiceDNA have been urged to promptly replace their passwords with robust ones and leverage two-factor authentication, as well as be more vigilant of possible phishing attempts.