Last December, the forensic genetics company, Verogen, purchased GEDMatch under the promise that users' DNA profiles will be protected. But Verogen said it would maintain the company's working relationship with law enforcement in hopes that the DNA database will help solve violent crimes.
Yet after agreeing to these terms, GEDMatch gave users the option of opening their genetic profiles to the police or keeping the information private. But the company confirmed on Wednesday that a breach on July 19 and July 20 forced user settings to reset allowing law enforcement access to accounts that opted to stay private.
"We became aware of the situation a short time later and immediately took the site down. As a result of the breach, all user permissions were reset, making all profiles visible to all users," a statement from GEDMatch reads. "This was the case for approximately 3 hours. During this time, users who did not opt-in for law enforcement matching were also available for law enforcement matching, and conversely, all law enforcement profiles were made visible to Gedmatch users."
A spokesperson for the company went on to claim that GEDMatch reported the incident to authorities who are investigating the potential hack.
In April 2018, GEDMatch gained attention when it was used to help arrest and convict Joseph James DeAngelo, also known as The Garden State Killer. Since then, several murderers and rapists have been found through GEDMatch. GEDMatch doesn't disclose how often it works with law enforcement like its competitors, 23andMe and Ancestry.com, who have published "transparency reports." This, along with the breach, has created a lot of questions as people are unsure if the authorities accessed these accounts when they were improperly tagged.