Member-only story
‘Deleted’ DNA Data Just Reappeared on a Popular Database
The incident raises questions about how much control people have over their genetic data
Over the past few years, the online DNA database GEDmatch has become a powerful tool for solving cold cases. Founded in 2010 to help adoptees and genealogy enthusiasts find biological relatives, the site shot to prominence in 2018 after California police said GEDmatch led them to a suspect in the decades-old Golden State Killer case.
The open-source database allows anyone to upload their raw DNA file generated from genetic testing firms like 23andMe and Ancestry. Then, they can search for other users who share their DNA. Police use the site to upload DNA found at crime scenes, look for matching relatives, then do traditional genealogy to zero in on a suspect. The database contains around 1.5 million DNA profiles uploaded by 1.1 million users. A recent technical glitch, however, threatens to undermine users’ trust in the site.
On January 14, a technical snafu at GEDmatch caused previously deleted user data to be restored for two days. It’s the second security incident the database has experienced in less than a year. In July 2020, hackers accessed the database and exposed more than a million users’ profiles.
GEDmatch users have to give permission for their profiles to be used in law enforcement searches, but the breach overrode whatever privacy settings users had selected and made their profiles temporarily visible to all other users, including police. It’s not known what the hackers were after.
Verogen, the San Diego-based forensic genomics company that owns GEDmatch, told Future Human that the latest incident wasn’t a data breach or a hack. “There was a minor technical issue when we recently made an update to the GEDmatch database,” a company spokesperson said in an email, adding that only a small number of users were affected. While DNA files — what the company calls “kits” — briefly reappeared in some users’ accounts…
