Thousands of reports generated by genetic testing firm Vitagene have been exposed online, Bloomberg reports.
More than 3,000 customer files — files that include names, dates of birth, and possible medical conditions — were publicly accessible through Amazon Web Services' cloud computing servers for years until early this month, Bloomberg adds, noting that nearly 300 of the files included raw genotyping data and a portion of those were labeled with customers' first names. The firm tells it that it has shut down access to those files and would be notifying affected customers.
"We immediately opened an investigation and blocked access to the files," Vitagene CEO Mehdi Maghsoodnia tells Bloomberg in an email.
Bloomberg adds that experts have been warning about potential exposures like this as direct-to-consumer genetic testing has become more popular. While there have been past privacy breaches at testing firms — such as one at MyHeritage in which usernames and hashed passwords were exposed — Vanderbilt University's James Hazel says this one is concerning as it is the first to include genetic information. He tells Bloomberg that people with nefarious intent could sell the information or use to blackmail users.
"Even if raw data is not attached to a name or other personally identifiable information, there's always a risk with genetic data that a person can be re-identified with that alone," he adds.