Privacy, Data Security

Genetic testing firm faces FTC charges on data privacy violations

CyberScoop reports that California-based genetic testing company 1health.io, which was previously Vitagene, has been charged by the Federal Trade Commission for inadequately protecting collected genetic and health data. The FTC has alleged the company's negligence in securing its data after the exposure of almost 2,400 records from at least 227 customers in public AWS data buckets, which was only resolved by the company after the discovery of the insecure buckets was shared by a researcher with the media. Moreover, 1health.io was accused of misleading its customers after implementing retroactive changes to its privacy policy, which the company then leveraged to facilitate data sharing with third parties. Aside from paying $75,000 in fines, 1health.io has been ordered to halt third-party data sharing without affirmative customer consent, adopt a more robust security program, immediately inform the FTC regarding unauthorized consumer health data disclosures, and destroy all DNA samples stored for over six months.

Related

Ransomware attack impacts law enforcement data in Wichita

Law enforcement data were compromised in a ransomware attack on the city government of Wichita, Kansas, giving hackers access to an unspecified number of people’s personal information, including names, Social Security numbers, driver’s licenses and other state IDs, and payment card information, reports The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.