92m records stolen from DNA testing site

The email addresses of more than 92 million customers have been stolen from Israel-based DNA testing site MyHeritage in a data breach, the company has warned.

A file containing email addresses and hashed passwords of all users who had signed up for MyHeritage up until 26 October last year was discovered by an unnamed security researcher and sent to the company's information security team, MyHeritage said in a blog post.

No other data related to MyHeritage was found on the server and there is no evidence that any more sensitive information such as family trees or DNA data had been compromised. This information is stored on a separate system with more robust security functionality than the server hosting the email and hashed password database.

But the company has set up an Information Security Incident Response Team to investigate the incident and plans to engage an independent cybersecurity company to conduct forensic reviews to determine the scope of the intrusion.

MyHeritage is also taking steps to fulfil the requirements of the EU's General Data Protection Regulation (GDPR) and inform regulators of the breach, and it has established a 24/7 security customer support team to field queries about the incident.

Finally, the company is expediting work on introducing two-factor authentication functionality for interested users.

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.