Biometric Breach: 8,000 DNA Face Match Records Exposed in Major ChoiceDNA Security Flaw

By Jeremiah Fowler, Lisa Taylor @ vpnmentor

Biometric Bombshell: Cybersecurity Expert Jeremiah Fowler Uncovers 8,000 Exposed DNA Face Match Records from ChoiceDNA

In a shocking cybersecurity breach, 8,000 sensitive DNA Face Match records from ChoiceDNA were discovered in a public WordPress folder, exposing biometric images and personal data. Cybersecurity researcher Jeremiah Fowler brought this alarming exposure to light, revealing that a vast amount of highly sensitive information was left unprotected, sparking major concerns over privacy, ethical handling, and potential misuse of the data.

In early September 2024, cybersecurity researcher Jeremiah Fowler discovered a serious security lapse involving biometric data handled by ChoiceDNA, a company offering genetic DNA testing and facial DNA matching services. Approximately 8,000 records were found in an unsecured public WordPress folder, including biometric images, names, email addresses, phone numbers, and highly personal metadata. This data was meant for ChoiceDNA's "Facial Recognition Uploads" service, which matches facial features based on DNA analysis.

Among the data were records containing racial or ethnic information, personal reasons for obtaining DNA facial analysis, and even sensitive family-related issues such as paternity disputes. The exposed information posed significant risks, including the potential for identity theft, deepfake creation, blackmail, and violation of various U.S. biometric privacy laws.

Jeremiah Fowler immediately sent a responsible disclosure notice to ChoiceDNA. However, it took the company over a week to restrict public access to the data, and ChoiceDNA never sent a formal response or acknowledgment, raising concerns about its incident response procedures.

Key Takeaways

  • Massive Data Exposure: 8,000 biometric records, including facial images and personal identifiers, were left unprotected on a public WordPress folder by ChoiceDNA.
  • High-Risk Information: Sensitive data, including family issues like paternity, was exposed, posing privacy, legal, and ethical concerns.
  • Platform Vulnerability: The breach occurred on a WordPress site, a platform frequently targeted by attackers through common techniques such as brute-force login attempts and SQL injection.
  • Slow Response: Despite Fowler’s prompt disclosure, it took ChoiceDNA a week to secure the data, with no public communication about the incident.
  • Potential Legal Fallout: The breach may violate biometric privacy laws in several states, such as Illinois' BIPA and California's CCPA, placing ChoiceDNA under legal scrutiny.

Deep Analysis: What Went Wrong?

The ChoiceDNA breach underscores fundamental security failings in how biometric data is handled, especially by smaller companies operating on vulnerable platforms. WordPress, while widely used, is notorious for being a high-risk platform due to frequent cyberattacks. In 2023 alone, over 100 billion malicious login attempts targeted WordPress websites, making it imperative that companies dealing with sensitive information, like biometric data, invest in more secure infrastructure.

One of the most alarming aspects of this breach was the exposure of deeply personal family matters, such as paternity disputes and infidelity concerns. If misused, this data could lead to serious harm, including defamation, blackmail, or harassment. Moreover, the privacy and ethical implications of using facial recognition without proper consent, particularly in a context that deals with family secrets, cannot be overstated.

ChoiceDNA’s slow response also raises red flags. While Fowler disclosed the breach responsibly, ChoiceDNA took over a week to restrict access to the sensitive records, which reflects poorly on its ability to respond to cybersecurity incidents. The absence of any official response from the company suggests a lack of transparency and raises the question of whether it has adequate incident response and communication protocols in place.

The platform’s vulnerabilities further compound the issue. WordPress, while popular, is not the most secure option for handling highly sensitive data like facial biometric images. Security experts recommend moving such operations to more secure platforms like AWS or Azure, where advanced firewalls and encryption can help mitigate cyber risks.
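The root cause described above is structural: user uploads sat in a folder the web server handed out to anyone who knew the URL. The following sketch, added here as an illustration and not ChoiceDNA's or WordPress's own code, shows the alternative design a reviewer would expect for biometric uploads: files are written outside the document root under opaque names, every record is bound to an owner, and a file is returned only after an ownership check that fails closed. The `UploadStore` class, the user names and the sample bytes are all constructed for the example.

```python
"""Access-gated storage for sensitive uploads (added example, not ChoiceDNA code).

Files live in a directory the web server does not serve statically, every
record is tied to an owner, and content is only returned after an
authorization check. All names and data here are constructed.
"""
import hashlib
import os
import secrets
import tempfile
from dataclasses import dataclass, field


class AccessDenied(Exception):
    pass


@dataclass
class UploadStore:
    # root is a directory that the web server does NOT serve statically
    root: str
    # record id -> (owner id, relative path, sha256 of content)
    _index: dict = field(default_factory=dict)

    def save(self, owner_id: str, content: bytes) -> str:
        """Store bytes under an opaque, unguessable name and return the record id."""
        record_id = secrets.token_urlsafe(16)
        # The on-disk name is derived from the random id, never from a
        # user-supplied filename, so the caller cannot influence where it lands.
        rel = hashlib.sha256(record_id.encode()).hexdigest()
        path = os.path.join(self.root, rel)
        with open(path, "wb") as f:
            f.write(content)
        os.chmod(path, 0o600)
        self._index[record_id] = (owner_id, rel, hashlib.sha256(content).hexdigest())
        return record_id

    def fetch(self, requester_id: str, record_id: str) -> bytes:
        """Return content only to the record's owner; fail closed on anything else."""
        entry = self._index.get(record_id)
        if entry is None:
            # Same error for missing and forbidden, so record ids cannot be enumerated.
            raise AccessDenied("no such record or access denied")
        owner_id, rel, digest = entry
        if not secrets.compare_digest(owner_id, requester_id):
            raise AccessDenied("no such record or access denied")
        real_root = os.path.realpath(self.root)
        path = os.path.realpath(os.path.join(real_root, rel))
        # Defence in depth: refuse anything that resolved outside the store root.
        if os.path.commonpath([path, real_root]) != real_root:
            raise AccessDenied("no such record or access denied")
        with open(path, "rb") as f:
            data = f.read()
        # Integrity check against the digest recorded at save time.
        if hashlib.sha256(data).hexdigest() != digest:
            raise AccessDenied("stored object does not match index")
        return data


def demo() -> dict:
    """Run the constructed scenario and return the outcomes for inspection."""
    root = tempfile.mkdtemp(prefix="uploads-")
    store = UploadStore(root=root)
    rid = store.save("alice", b"constructed face image bytes")
    out = {"owner_ok": store.fetch("alice", rid) == b"constructed face image bytes"}
    try:
        store.fetch("mallory", rid)
        out["other_user_blocked"] = False
    except AccessDenied:
        out["other_user_blocked"] = True
    try:
        store.fetch("alice", "does-not-exist")
        out["unknown_id_blocked"] = False
    except AccessDenied:
        out["unknown_id_blocked"] = True
    # The on-disk name reveals nothing about the owner or the original filename.
    out["opaque_name"] = all(n not in os.listdir(root) for n in ("alice", "face.jpg"))
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the design is that a leaked URL or a listable directory no longer matters: the only path to a file is through `fetch`, which requires the requester to be the owner and reports missing and forbidden records identically. In a real deployment the `_index` dictionary would be a database table and the requester id would come from the authenticated session, not from the request.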

Did You Know?

  • WordPress’s Popularity, a Double-Edged Sword: Nearly half of all websites globally are powered by WordPress, making it a prime target for cyberattacks. In 2023, over 100 billion malicious login attempts were made on WordPress sites, highlighting the urgent need for stronger security measures on the platform.
  • Biometric Privacy Laws: In the U.S., several states have stringent biometric privacy laws. Illinois’ Biometric Information Privacy Act (BIPA) is one of the most comprehensive, requiring explicit consent before collecting or using biometric data. Violating these laws can result in substantial penalties.
  • Deepfakes on the Rise: The exposure of biometric data increases the risk of deepfake creation. With advancements in AI, bad actors can manipulate images or videos to create fake identities or malicious content that looks disturbingly real, leading to potential fraud, defamation, or blackmail.

Conclusion: Lessons for Businesses and Users

This incident highlights the critical importance of cybersecurity for businesses handling sensitive biometric data. Companies like ChoiceDNA must prioritize data security and invest in robust platforms and practices to protect user information. This includes securing websites with firewalls, encryption, two-factor authentication (2FA), and regular security audits.

Moreover, users must be vigilant. Those affected by this data exposure should update passwords, enable 2FA, and be cautious of potential phishing or blackmail attempts. With the rise of biometric data usage, securing personal information is more crucial than ever, because the consequences of a breach extend beyond stolen data into personal relationships, trust, and safety.

The breach at ChoiceDNA serves as a sobering reminder of the vulnerabilities that come with managing biometric data. It’s a call to action for both companies and individuals to take cybersecurity seriously in a world where data breaches are not just a matter of stolen information but of deep personal impact.
