GEDMatch, the site some genealogists utilize to match with others from different DNA testing sites has suffered a data breach. While people could opt-out to share their data with law enforcement it found over one million users who had opted not to help law enforcement had been forced to opt-in. GEDmatch changed its policy in May 2019 so that only users who explicitly opted to help law enforcement would show up in police searches. They found two back-to-back hacks which over rode the users settings.

According to the owner of GeDMatch owner, Verogen, the first breach occurred early on July 19. After shutting down the site, his team “covered up the vulnerability,” he said, and brought it back online, but only briefly. “On Monday we took the site down again because it was clear the hackers were trying again.”  The site remained down or a week.

The giveaway that the matches were not actual relatives was that their DNA was too good to be true, said Leah Larkin, a biologist who runs DNA Geek, a genealogical research company.

To read more see: https://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html

Thank you to Teven Laxer, members IAJGS Public Records Access Committee for sharing the article with us.

Jan Meisels Allen

Chairperson, IAJGS Public Records Access Monitoring Committee