Enquiring minds want to know...
Since the stolen data was originally gathered by Orchid Cellmark, does this count as an orchidectomy?
A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old "legacy" database the company forgot it had. The genetic testing firm, DNA Diagnostics Center (DDC) reached a …
"We take security very seriously and we are sorry"
Yeah thanks, now DNA, arguably the most private personal information of all, is all over the internet/stolen for all to see. One of the 500 reasons I'd never give my DNA to some private company. Blows my mind when people send a swab off to check their ethnicity makeups or the like.
"swab off to check their ethnicity makeups or the like."
Which is complete and utter bollocks anyway.
It's for sad people who desperately cling to some meaningless strand of history to attempt to make their lives more "interesting".
Yes, looking at you in the States claiming a great, great grandparent once had a dirty weekend in Dublin, so that makes you part Irish.
Here we see what happens when you cheap out and/or outsource your IT from in house, if you ever had a proper IT team in the first place. Devs are wonderfully creative people but most don't care for operational requirements, if root/admin gets the job done to run something then so be it, no time to faff around with user privs stuff, that's an ops dept job. Then you get a service company who barely gives a monkey's 'cos they get their money already and you're just another customer. (Trust me, I've worked in a very large outsourcer and you're told to do bare minimum to cover contract requirements.)
So you don't have anyone watching your kit and your data and next thing stuff just slips through the cracks and some naughty boys and girls will have fun with your stuff!
Less than 20c per data subject!
If you're going to let them off that cheaply the settlement should at least include a requirement that any public statements about their data security be honest and accurate: "We didn't care enough about customer data to secure it."
But these breaches will continue until fines are big enough to bring a few companies down. Only then will manglement think security and IT expertise are worth spending money on.
It is common in the US for businesses to ask for your social security number.
I always refuse to provide my SSN unless a real requirement is verified.
I find 9 times out of 10 they are "just asking" and for no legitimate reason.
EXCEPT in my state it is now required by the Motor Vehicle Department (in my state at least).
I'm not sure when this became state law. I only know the last time I renewed my driver's license I did finally have to give them my SSN.
Elephant in the room: what was Cellmark doing with Social Security Numbers in the first place? There is no legitimate need for them outside of employment and banking. Unless Cellmark were coordinating with govt. databases, they should not have been requiring clients to submit them.