Lessons From The Choice DNA Data Breach

Customers who use facial recognition or DNA services such as ChoiceDNA’s FACE IT DNA can take several precautions to minimize the risk of their personal data being exposed. The ChoiceDNA data breach is a wake-up call for data protection. Here are some practical steps:

1. Research the Company’s Data Security Practices

  • Before using a service, customers should thoroughly research the company’s privacy policies and data security practices. Look for information on how biometric and DNA data is stored, processed, and protected.
  • Ensure the company uses encryption to protect sensitive data, both during transmission (e.g., while uploading photos) and while at rest (in databases).
  • Verify whether the company complies with relevant data protection regulations, such as the Biometric Information Privacy Act (BIPA) or other state laws, especially if you live in a jurisdiction with such protections.

2. Check for Transparency and Consent

  • Ensure that the company requires explicit consent before collecting, storing, or sharing biometric or DNA data. Reputable companies will clearly explain how your data will be used, stored, and whether it will be shared with third parties.
  • If the company does not make it easy for you to understand how your data will be handled, this could be a red flag. Be wary of any service that lacks clear consent processes.

3. Limit the Amount of Data Shared

  • Only provide the minimum amount of personal information required to use the service. Avoid uploading unnecessary data that could be misused in the event of a breach.
  • Be cautious about using your full legal name, birth date, or other personal identifiers when creating accounts for such services. Consider using a separate email account to limit the exposure of your main personal information.

4. Read Reviews and Security Audits

  • Look for reviews or reports from independent security audits of the company. If the company has undergone an audit from a reputable cybersecurity firm, this is a good indication that they take data security seriously.
  • Check if there have been any past data breaches involving the company. If a company has a history of poor security practices or data leaks, it may not be the best choice.

5. Monitor Data Usage and Request Deletion

  • Ask the company what happens to your biometric or DNA data after your service is completed. Ensure there is an option to have your data deleted once it is no longer needed. Companies compliant with privacy regulations should allow you to request deletion of your data at any time.
  • If you’ve already used a service and are concerned about your data, contact the company to ask whether they still retain it and how you can ensure it is permanently deleted.

6. Use Strong, Unique Passwords and Enable Two-Factor Authentication (2FA)

  • Ensure that your account with the service is protected by a strong, unique password that you don’t use on other platforms. Weak or reused passwords can make it easier for hackers to access your account in a breach.
  • If available, enable two-factor authentication (2FA) for an extra layer of security. This will require an additional verification step beyond just a password, making it harder for unauthorized individuals to access your account.

7. Keep an Eye on Legal Developments

  • Stay informed about biometric privacy laws in your state or country. Several U.S. states have enacted specific protections for biometric data. Know your rights and what protections are in place to hold companies accountable in case of data misuse.
  • As biometric privacy laws evolve, you may gain the ability to sue companies for violating your privacy, particularly in states like Illinois with laws such as BIPA.

8. Consider the Risk of Sharing Biometric Data

  • Carefully weigh the benefits of using a facial recognition or DNA matching service against the potential risks. While these services may offer convenience or family verification, sharing biometric data can have long-term consequences if that information is compromised.
  • If the service doesn’t seem essential, it may be safer to avoid sharing biometric information unless you fully trust the company’s security measures.

9. Monitor for Suspicious Activity

  • If your biometric data has already been exposed or you are concerned about a potential breach, stay vigilant for suspicious activity, such as unexpected emails, login attempts, or unusual account activity. Monitor financial accounts, credit reports, and online profiles for signs of fraud or impersonation.
  • Consider freezing your credit if you believe sensitive information may have been compromised in a breach.

10. Report Data Breaches

  • If you believe your personal information has been compromised due to a data breach, report the incident to relevant authorities. This could include filing a complaint with the Federal Trade Commission (FTC) or your state’s attorney general. You should also inform the company and ask them to take steps to secure your data or delete it.

By taking these steps, customers can better protect their personal data when using biometric or DNA-based services and mitigate the potential risks in case of a data breach.

If biometric data is exposed or stolen, it can easily end up on the dark web, where cybercriminals can buy and sell it for a range of malicious purposes. Unlike traditional data such as passwords or credit card numbers, biometric information (such as fingerprints, facial recognition scans, or DNA profiles) is permanent and cannot be changed, making it particularly valuable. Once posted or sold on dark web marketplaces, this data can be used for identity theft, creating deepfakes, or even breaching security systems that rely on biometric authentication. Criminals may also use it to impersonate individuals for fraud, gain unauthorized access to bank accounts, or facilitate more sophisticated attacks like espionage.