GEDmatch Data Breach Lawsuit Investigation

On July 22, 2020, GEDmatch admitted that the DNA records of around one million users had been made available to police in the wake of recent data breaches.

DNA profiling companies like GEDmatch are increasingly popular among people wanting to learn more about their family background. However, law enforcement agencies are also pushing for more access to these genetic databases to try to solve crimes with DNA evidence.

According to Techcrunch, GEDmatch does not report on how often its data is requested by law enforcement, in contrast to rival DNA analysis companies like 23andMe and Ancestry.com.

Prior to these July 2020 breaches, GEDmatch had controversially allowed law enforcement to search its database. This practice of acquiescing to government search warrants has been criticized by privacy advocates, including the ACLU.

Shortly after the GEDmatch data breaches, malicious actors allegedly used the leaked email addresses to mount a phishing attack on users of a different genealogy website, MyHeritage. Buzzfeed News alleges that this phishing attack appeared to target email addresses obtained from GEDmatch. Users of both websites may be at risk.

While the rise of affordable DNA analysis technology has brought better knowledge of ancestral heritage and health outcomes to many people, it has also increased the risk of sophisticated fraud. According to an expert cited in SilconANGLE, malicious actors may use DNA data to commit identity theft, insurance fraud and targeted spear-phishing campaigns.

UC Davis School of Law Professor Elizabeth Joh weighed in on GEDmatch’s data breaches to TechCrunch:

“A privacy breach in a genetic genealogy database underscores the woefully inadequate regulatory safeguards for the most sensitive of information, in a novel arena for civil liberties. It’s a mess.”

Gibbs Law Group is a leader in emerging litigation involving consumer privacy and data security. Our data breach and privacy team has achieved groundbreaking reforms and recovered hundreds of millions of dollars for plaintiffs in cutting-edge, high-profile cases, including lawsuits against Equifax, Anthem, Adobe, VIZIO, Lenovo, and Banner Health. Our attorneys helped negotiate record-breaking settlements, including the $1.5 billion Equifax Data Breach settlement and the $115 million Anthem Data Breach settlement. We secured a $17 million settlement in the VIZIO smart TV class action lawsuit that forced VIZIO to delete all of the data it wrongfully collected. Our attorneys were appointed by a federal judge to serve in a leadership position in privacy litigation against Zoom, and we are also pursuing cutting edge privacy issues in litigation against facial-recognition company, Clearview AI.

Eric Gibbs co-founded the American Association for Justice’s Data Breach and Privacy Litigation Group and has been recognized with numerous accolades for his privacy work, including a California Lawyer Attorney of the Year (CLAY) award for the Anthem Data Breach Lawsuit settlement, and has been named a “Top Plaintiff Lawyer in California” by the Daily Journal and a “Cybersecurity and Privacy MVP” and “Consumer Protection MVP” by Law360. In addition, Gibbs Law Group partners Andre Mura and David Berger have been recognized for their data breach and privacy expertise. Andre Mura was honored as one of the Top Cybersecurity/ Privacy Attorneys Under 40 by Law360 and David Berger is the current chair of the American Association for Justice’s Data Breach and Privacy Litigation Group, contributes to a data privacy think tank, and consults with state and federal legislators on data breach and privacy issues.