Researchers from the University of Washington Paul G. Allen School of Computer Science & Engineering found that GEDMatch leaves users’ sensitive genetic data vulnerable to compromise and impersonations. GEDmatch is a public site where anyone can upload their data, this is different than the private DNA genealogy sites which do not share one’s DNA information other than with the client DNA owner. The study revealed a malicious user could mine data on GEDmatch to approximate a user’s genetic makeup. The “fraudster” could then use that information and create a profile that could appear to be another relative. From the profiles the researchers created they were able to guess more than 90 percent of the DNA of other users. The researchers ask “What are the privacy issues associated with sharing genetic data online?’”
The choice to share one’s genealogy data is a personal one. People should be aware that there may be risk whenever they share data.
GEDmatch was contacted by the study authors and said it is working to resolve the issues. The creator of GEDmatch said, “But no matter what you do, there will always be some potential for privacy invasion when you are doing genealogy. Genealogy is a procedure in which you want to compare your information to other people’s.”
To read more about this see: https://www.technologyreview.com/s/614642/dna-database-gedmatch-golden-state-killer-security-risk-hack/
To read the study see: https://dnasec.cs.washington.edu/genetic-genealogy/ney_ndss.pdf