FB pixel

Biometric data and personal information exposure patched by genetic test lab

Biometric data and personal information exposure patched by genetic test lab
 

A genetic testing and “DNA Face Matching” company in the United States has left a trove of facial images and personally identifiable metadata exposed in a WordPress folder without even password protection, vpnMentor says.

Indiana-based ChoiceDNA left a folder titled “Facial Recognition Uploads” and containing an estimated 8,000 documents vulnerable, according to a post from Cybersecurity Researcher Jeremiah Fowler. Facial images and descriptions are considered biometric data, even if not processed for identification purposes, the FTC declared in a policy statement last year.

ChoiceDNA says its DNA Face Matching service uses biometrics to assess the likelihood that people are related. Even the identity of an individual who sought the service, therefore, could be sensitive information. The metadata accompanying the images included names, phone numbers, email addresses, ethnicity and notes on why the person was seeking DNA analysis.

Fowler disclosed the vulnerability to the company, and it was addressed within a week. No reply or indication of how long the folder had been exposed was provided.

Given the proximity of the company’s base of operations to Illinois, home of the Genetic Information Privacy Act (GIPA), there could yet be legal fallout.

Fowler also notes that “facial recognition services based on a photo that is uploaded without the photo subject’s consent raises potential ethical and privacy concerns.”

The post states that there is no indication at this point that any data was breached, and Fowler concludes with advice for protecting WordPress sites.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics connecting ID and payments through digital wallets, apps and passkeys

Biometrics are connecting with payment credentials, whether through numberless credit cards and banking apps or passkeys, as the concrete steps…

 

Reach of Musk, DOGE’s federal data access sets off privacy, security alarms

Led by tech billionaire Elon Musk and a shadowy team believed to be under his control, the United States DOGE…

 

Mobile driver’s licenses on the cusp of ‘major paradigm shift’

More entities have integrated the California mobile driver’s license (mDL) credential for identity verification. Although just 15 states have introduced…

 

Gesture-based age estimation tool BorderAge joins Australia age assurance trial

Australia’s age assurance technology trial is testing the new biometric tool that performs age estimation based on hand gestures. The…

 

European AI compliance project CERTAIN launches

The pan-European project to create AI compliance tools CERTAIN has kicked off its work, with the goal of making European…

 

Signaturit Group acquiring Validated ID for undisclosed sum

Spain-based digital identity and electronic signature provider Validated ID is being acquired by Signaturit Group, a European company offering identity…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events