Pair of personal-health data breaches reported – one involves biometric identifiers

Lawyers defending U.S. companies sued for breaking biometric privacy laws sometimes make comparisons between the large fines businesses face and the theoretical harm a person might suffer if their identifiers were misused or stolen.

The implication is that biometrics theft is inconsequential for victims and rare compared to the large and growing number of biometric information privacy cases businesses face.

And yet, breaches continue. Two companies that deal in personal health information companies are talking about data losses. One of them, a life insurance firm, even lost biometric security information.

The two companies are Pan-American Life Insurance Group, which goes by PALIG, and consumer gene-search company 23andMe.

According to the trade publication Security Magazine, PALIG executives realized October 5 that an unauthorized third party pulled files from a MOVEit transfer. They announced the find this week.

Information in the stolen files included biometric data; various business account, driver’s license and Social Security numbers; and demographic information. The scope of the attack is not known.

In contrast, the personal data of 14 million 23andMe customers, or half of the total, have been stolen, according to reporting by trade publication TechCrunch.

Taken were names, birth years, location, ancestry reports and how much DNA is shared with relatives. Display names and relationship labels were taken for some victims as well.

TechCrunch reports that the data is for sale for $1 to $10 per 23andMe account.

Article Topics

biometric data  |  biometric identifiers  |  biometrics  |  data privacy  |  data protection