The data breach took place in November 2021 but the details of it have only been revealed this week.
A DNA testing service based in Oklahoma city has suffered a data breach in which sensitive data including information from rape kit investigations was accessed by an unknown unauthorized third party.
The Oklahoma City Police Department (OKCPD) has confirmed that personal and confidential data of sexual assault victims may have been leaked due to a data breach suffered by one of the department’s former DNA contractors.
The data breach led to the exposure of sensitive data from its rape kit investigations. For your information, the OKCPD collects DNA evidence from rape victims, which the department refers to as rape kits. These kits were sent to the DNA contractor for testing.
Details of Data Breach
On Monday, the OKCPD stated that one of its former DNA contractors, DNA Solutions Inc., became the victim of a data breach that impacted its rape kit investigations. DNA Solutions is a lab offering both forensic and relationship testing services.
According to local news station KFOR, the Oklahoma-based company performed forensic testing for the OKCPD. The company suffered a network security incident on 18 November 2021 when an unauthorized third party accessed sensitive data, including information from rape kit investigations, stored on their systems.
The company claims that it quickly secured the network by collaborating with cybersecurity experts. It also notified federal law enforcement authorities.
More DNA service data breach news
- DNA testing service data breach impacting 2.1 million users
- Ancestry.com’ RootsWeb breach: 300,000 plaintext accounts leaked
- DNA testing website MyHeritage hacked; 92 million user accounts stolen
- Software firm leaks 25GB worth of subscription & Ancestry.com user data
What Data got Exposed?
According to an email sent by the OKCPD, DNA Solutions Inc. has informed the department that “certain sensitive personal and health-related information” of sexual assault victims may be compromised. This means the rape victims were victimized again as exposure to sensitive data makes them vulnerable to a variety of new threats.
However, the DNA contractor confirmed that personally identifiable information was not exposed. The company revealed details of exposed data in an official statement that read:
The data did not include social security numbers, driver’s license information, or financial information. We have notified individuals or organizations whose data may have been impacted directly.DNA Solutions Inc
DNA Solutions has notified impacted victims through a letter and is offering 12 months of free identity theft protection and credit monitoring services. Those who received a letter from the company are encouraged to avail this offer.