Linked: DNA testing firm discloses data breach affecting 2.1 million people
I wanted to point to this statement that was put out by the company about the information that was breached, which included personal and financial account information:
“The impacted database was associated with a national genetic testing organization that DDC has never used in its operations and has not been active since 2012.” reads the notice.
“DDC acquired certain assets from this national genetic testing organization in 2012 that included certain personal information, and therefore, impacts from this incident are not associated with DDC.”
There is an obvious question here, right?
Why do you still have this database sitting around?
Seriously, why? Either you’re telling the truth and you have a vulnerable system sitting out there that you’ve never even used, or you have been using it and you’re lying to save face now that data has been breached. Neither one makes you look particularly good, does it?