News Releases

AG Yost Secures $200,000 Fine With DNA Diagnostics Over Data Breach

2/16/2023

(COLUMBUS, Ohio) — Ohio and Pennsylvania have negotiated agreements with DNA Diagnostics Center – a Fairfield, Ohio, company that provides paternity and other DNA testing – over a 2021 data breach that compromised the personal information of more than 45,000 consumers in the two states.

“Negligence is not an excuse for letting consumer data get stolen,” said Ohio Attorney General Dave Yost, whose office investigated the problems jointly with the office of Pennsylvania Acting Attorney General Michelle Henry. “We’re proud to partner with Pennsylvania to ensure that citizens’ personal data stays private — which consumers rightly expect.”

The breach exposed the Social Security numbers and other personal data of roughly 33,000 Ohioans and 12,500 Pennsylvanians.

Under the agreement with Ohio, DNA Diagnostics must pay a $200,000 fine and institute a new cybersecurity program that meets industry standards.

DNA Diagnostics hired a third party to conduct data-breach monitoring. After detecting a breach in May 2021, the contractor repeatedly attempted to notify DNA Diagnostics through email, but company employees overlooked the emails for over two months.

During those months, the attackers installed malware on the company’s network and extracted data. The stolen data wasn’t DNA Diagnostics’ customer data but, rather, data it had purchased from another company in order to expand its business portfolio.

The joint investigation by Ohio and Pennsylvania found that DNA Diagnostics made unfair and deceptive statements about its cybersecurity and failed to employ reasonable measures to detect and prevent a data breach, unnecessarily exposing its consumers to harm.

“The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes,” Acting Attorney General Henry said. “That’s why my office took action with the assistance of Attorney General Yost.”

As part of the negotiations with both states, the company must have its new cybersecurity program assessed by a certified third party and comply with the Consumer Sales Practices Act in any future collection, use and protection of personal information.

Consumers affected by any data breach should monitor their credit reports to protect themselves against identity theft. For details, visit www.AnnualCreditReport.com.

If you need assistance as an identity-theft victim or if you suspect a scam or an unfair business practice, contact the Ohio Attorney General’s Office at www.OhioProtects.org or 800-282-0515.

MEDIA CONTACT:
Hannah Hundley: 614-906-9113

-30-