COLUMBUS, Ohio (WCMH) — A Fairfield DNA testing company has now agreed to pay Ohio as a result of a data breach that spanned two states.
Attorney General Dave Yost said Thursday that DNA Diagnostics, which offered paternity tests and other genetic services, would be fined $200,000 for its role in the 2021 breach. Around 33,000 Ohioans and 12,500 Pennsylvanians had their Social Security numbers and other personal data exposed as a result.
The breach also wasn’t limited to just DNA Diagnostics’ customers. A third-party contractor had found the breach in May 2021 and tried repeatedly to alert the company via email, Yost said. However, hackers were able to load malware onto DNA Diagnostics’ network while employees overlooked the warning emails for around four months. During that time, the suspects stole data DNA Diagnostics had bought from another company to try and expand its business.
When Ohio and Pennsylvania investigated the breach together, they found the company had made deceptive statements about their network’s security, and did not have reasonable measures in place to prevent a breach. Alongside the $200,000 fine, DNA Diagnostics also agreed to create a cybersecurity program that complies with the Consumer Sales Practices Act, Yost said.
To read the full agreement between the two states and DNA Diagnostics, click here.