GEDmatch’s commitment to user data privacy and security is a top priority. We recently learned that a small number of forensic genetic genealogy practitioners had circumvented GEDmatch settings in violation of our Terms of Use, enabling them to access the profiles of GEDmatch users who had not opted in to law enforcement searches for violent crime and homicides. Further, the practitioners had advocated not to disclose this misuse to GEDmatch, trained others to use it, and doctored reports to prevent it from becoming known. The information accessed includes relationships that were otherwise not available for the law-enforcement cases in question.
GEDmatch takes the privacy and trust of our users very seriously, and we were concerned to learn about this misuse. To address this issue, the following steps have been taken:
- We have fixed the loopholes that were raised in the report.
- We have undertaken system-wide assessments to mitigate the possibility of other vulnerabilities that may be exploited. These assessments have been incorporated into our ongoing software development life cycle.
- We will be requiring practitioners to reaffirm through an additional binding contract that they will not circumvent any GEDmatch settings or otherwise use GEDmatch in violation of the Terms of Use. GEDmatch can and will suspend accounts and take legal action in the event of any violation.
- We have notified the relevant regulatory bodies about the unauthorized access of data.
- We will continue to work with the forensic community and data security and privacy experts to support the adoption of best practices for this emerging field.
If you have further questions, please email us at GEDmatch@qiagen.com.
Thank you,
Swathi A. Kumar, Ph.D
Sr. Director, Verogen, a QIAGEN company