DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons.
The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, but the firm discovered it only on October 29, 2021.
The information that the hackers accessed includes the following:
- Full names
- Credit card number + CVV
- Debit card number + CVV
- Financial account number
- Platform account password
The compromised database contained older backups dating between 2004 and 2012, and it’s not linked to the active systems and databases used by DDC today.
“The impacted database was associated with a national genetic testing organization that DDC has never used in its operations and has not been active since 2012.” reads the notice.
“DDC acquired certain assets from this national genetic testing organization in 2012 that included certain personal information, and therefore, impacts from this incident are not associated with DDC.”
DDC is working with external cyber-security experts to regain possession of the stolen files and ensure that the threat actor won’t propagate them further. So far, there have been no reports of fraud or improper use of the stolen details.