On November 29, 2021, DNA Diagnostics Center, Inc. notified consumers that a data breach had occurred, potentially compromising their personal, identifying, and financial information. The private information belonging to approximately 2,102,436 individuals was affected by this data breach, according to the company’s notification.

If you received a data breach notification, it is essential you understand what is at risk. More about our investigation into this breach, and what you can do if your data was stolen, is available here.

What Happened With the DNA Diagnostics Center, Inc. Data Breach?

According to the data breach notification letter, an unauthorized party gained access to the personal data contained within certain files on the company’s servers between May 24, 2021, and July 28, 2021.

Data breaches often result from data security incidents in which the unauthorized party attempts to hack into the network, typically for purposes like copying or removing data contained in the company’s servers or installing malware and other types of harmful software on the network.

After investigating the security event, the company was able to determine that the files accessed by the unauthorized party may have contained the following information:

• Names and other personal identifiers

• Social Security numbers

• Payment information (financial account numbers, credit/debit card numbers, and account security codes, access codes, passwords, or PINs)

DNA Diagnostics Center, Inc. reported that, to date, it has found no evidence of actual or attempted misuse of the potentially breached data by an unauthorized party. However, if you did receive a DNA Diagnostics Center, Inc. data breach notification letter, you should take seriously the possibility of an increased risk of identity theft, since there is a chance that an unauthorized party could be in possession of your private information and may intend to use it in a criminal way, such as for committing identity theft.

Consumers whose data has been compromised by a cybersecurity incident may have the right to seek financial compensation. Our data breach lawyers are now investigating data breach matters to assess whether the companies involved have taken the appropriate steps to keep consumers’ personal information private and secure.

What Does a Data Breach Entail?

A data breach may refer to any kind of cyberattack in which some unauthorized party—often referred to as a “hacker”—gains access to the sensitive or private consumer data stored on a company’s network or servers. Typically, the hacker who seeks access to this data is planning to use it for criminal purposes, such as committing identity theft, or to sell the data to others who would use it for illegal or fraudulent purposes. There’s no way to be certain that the unauthorized party who got ahold of your data intends to use it in such a way or has obtained the necessary combination of your data they can use to commit identity fraud. However, your data potentially being in the possession of an unauthorized party increases your risk of identity theft.

Data breaches have become disturbingly common, affecting hundreds of millions of individuals per year. Even though they occur on such a frequent basis, data breaches are often preventable, especially when companies in possession of consumer data make every effort to protect sensitive information. Companies that instead depend on outdated or inadequate data security practices to keep the data they store safe are more likely to become the targets of hackers.

One element that data breach attorneys are currently investigating is whether or not DNA Diagnostics Center, Inc. has failed to protect the private consumer data with which it has been trusted by not implementing adequate data security measures. If the investigation reveals some fault or negligence on the part of the company, the individuals whose data has been compromised may have the option to file a data breach lawsuit.

What to Do If You Are a Victim of a Data Breach

Once you receive a data breach notification letter, there are important steps you should take to protect yourself from becoming a victim of identity theft. Even if taking these steps doesn’t eliminate the risk of identity theft, they can mitigate the harm that may arise if someone does use your information to commit fraud.

1. Carefully read the data breach notification letter you received in its entirety to find out what information of yours has potentially been accessed by the unauthorized party;

2. Make a copy of the letter for your records and keep it in a safe place;

3. Follow the instructions included in the letter you received to proactively enroll in any free credit monitoring or identity protection services provided to you (the company will not automatically enroll you in this service, and your opportunity to take advantage of this free service does expire);

4. Change your passwords, PINs, and security questions not only for this online account but for all of your online accounts;

5. Enable two-factor account authentication where available to make it more difficult for others to get into your accounts;

6. Review your credit card and bank account statements and look out for any signs that could indicate suspicious activity;

7. Monitor your credit report closely and be alert for any changes that could be a sign someone else is using your identity;

8. Request a fraud alert to be placed on your profile with any of the major credit bureaus;

9. Consider putting a security freeze on your credit report with the three major credit bureaus; and

10. Let all banks and credit card companies with which you have an account know that your information has been compromised in a data breach event.

*A credit freeze is a free tool that can prevent access to your credit report—and, more importantly, the opening of fraudulent new credit accounts with information that has been breached—unless you specifically authorize access. A security freeze on your credit lasts until you contact the credit bureaus to remove the freeze. If you do decide to apply for a loan or credit account, you may also choose to temporarily lift the freeze or give a specific creditor one-time access to your credit report rather than permanently removing the credit freeze. This tool is underused but highly recommended for individuals whose sensitive personal information has been compromised. The Identity Theft Resource Center (ITRC) reported that only 3% of consumers whose information has been involved in a data leak actually put a credit freeze in place, but that adding a credit freeze is the single most effective way to prevent a new credit/financial account from being opened.”

Do You Need an Attorney for a Data Breach?

You aren’t required to hire a lawyer just because you have been a victim of a data breach. However, if you want to pursue compensation for the financial harms you suffered as a result of your data being compromised, it’s a wise idea to speak to an attorney about your legal rights and options.

Data breach attorneys have held companies accountable when their inadequate data security practices have put consumers’ data at risk. Even though the hacker is the one who initiates the cyberattack, the company in possession of your data has a legal obligation to protect your information by storing it in a comprehensive, up-to-date data security system. When a company fails to do so, it may face liability for storing data in a system that provided inadequate protection against cybersecurity threats.

Due to the complexity of data breach laws, the fact that your information was accessed by an unauthorized party while in the care of DNA Diagnostics Center, Inc. is not, on its own, enough to make this company legally responsible for your damages. Only a thorough investigation can reveal whether the company had failed to take the actions needed to protect consumers’ personal information and whether the company may be held liable for financial damages in the form of a data breach class action lawsuit.

You should reach out to a consumer privacy lawyer for a free consultation if you received a data breach notification letter. Data breach attorneys are handling matters like these on a no-win, no-fee basis, so it costs nothing to learn more about your legal rights and the process of recovering financial compensation for a data breach.

To view a copy of the data breach letter, see below.

Data Security Incident Information Center - DDC

We will keep this page updated with actions we are taking, including free credit monitoring and identity theft protection services for those whose personal information was potentially accessed.

What happened?

On August 6, 2021, DNA Diagnostics Center, Inc. (DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database that contained personal information collected between 2004 and 2012. The impacted database was associated with a national genetic testing organization system that DDC acquired in 2012. This system has never been used in DDC’s operations and has not been active since 2012.

Therefore, impacts from this incident are not associated with DDC. However, impacted individuals may have had their information, such as Social Security number or payment information, impacted as a result.

Upon learning of this issue, DDC proactively contained and secured the threat and executed a prompt and thorough investigation in consultation with third-party cybersecurity professionals. DDC has also coordinated closely with law enforcement following the discovery of this incident. Our investigation determined that the unauthorized individual(s) potentially removed certain files and folders from portions of our database between May 24, 2021 and July 28, 2021. DDC has been and remains fully operational, and the systems and databases that are actively used by DDC were not infiltrated.

The in-depth investigation concluded on October 29, 2021, and DDC has begun notifying individuals potentially affected by this incident.

How will you know if you were impacted?

If you know you have received a relationship test from DDC directly, this incident did not affect that test, as the information was acquired from an archived system that was never used by DDC.

Individuals whose personal information was potentially accessed are being notified in accordance with state regulations, and out of an abundance of caution to protect against identity fraud, DDC is providing a complimentary membership of Experian credit monitoring to eligible individuals.

If you received a relationship test as a part of court proceedings or independent, individual testing between 2004 and 2012 but have not received a mailed letter from DDC regarding this incident, please contact 1-855-604- 1656 as you may be eligible for complimentary credit monitoring services through Experian.

What is DDC doing?

DDC has taken steps, in coordination with its third-party cybersecurity experts, to regain possession of this personal information and ensure its safekeeping. DDC is not aware of any reports of identity fraud or improper use of the information.

Additionally, out of an abundance of caution, we are offering free credit monitoring for impacted individuals to protect against identity fraud – see below for more information. Ensuring the safety and security of the personal information entrusted to us remains our primary responsibility, and we will continue to work with third-party experts to harden our cybersecurity defenses.

If you have any further questions regarding this incident, please call our dedicated and confidential toll-free response line that we have set up to respond to questions at 1-855-604-1656 The response line is available Monday through Friday 9:00 AM to 9:00 PM, Eastern Standard Time, excluding U.S. Holidays.