Privacy

Why a Data Breach at a Genealogy Site Has Privacy Experts Worried

From an article by Heather Murphy and published in the New York Times:

“GEDmatch, a longstanding family history site containing around 1.4 million people’s genetic information, had experienced a data breach. The peculiar matches were not new uploads but rather the result of two back-to-back hacks, which overrode existing user settings, according to Brett Williams, the chief executive of Verogen, a forensic company that has owned GEDmatch since December.”

Also:

“Scientists and genealogists say the GEDmatch breach — which exposed more than a million additional profiles to law enforcement officials — offers an important window into what can go wrong when those responsible for storing genetic information fail to take necessary precautions.”

You can learn a lot more in the article at: https://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html.

Family Tree Maker Software Producer Exposes Data on 60,000 Users

From an article by Phil Muncaster in the Info Security web site:

“A US tech company that manages popular family tree software has exposed tens of thousands of its users’ personal information online via a misconfigured cloud server, according to researchers.

“A team from WizCase led by Avishai Efrat discovered the unsecured Elasticsearch server leaking 25GB of data linked to users of the Family Tree Maker software.

A Word About the Privacy of Your Genealogy and Other Information

A newsletter reader wrote recently and asked a question that I think many people should think about. I replied to him in email but thought I would also share my answer here in the newsletter in case others have the same question.

My correspondent wrote:

I am relatively new to genealogy technology. Are there tips you can provide to ensure the security of personal information? Would building a family tree in software only my computer be more secure than syncing it to a webpage (like MyHeritage)? Is it a good idea to not include details (name, date and place of birth) for all living relatives and maybe back a generation or two? Thanks.

My reply:

Great questions! However, I don’t have a simple answer. In fact, I can offer several answers and suggestions.

The various web sites have lots of options to control your privacy, except for Facebook, a web site designed to steal as much of your personal information as possible and then to resell that info. You do need to read about each site’s privacy policies before using it. However, most of today’s online services have excellent methods of protecting your personal privacy and your sensitive information.

Unfortunately, the computer on your desk and your laptop computer and tablet computer probably have no such controls. Neither does your “smartphone” which probably contains more personal information about you than does any other computing device you own.

Over 750,000 Applications for US Birth Certificate Copies Exposed Online

This is a major security breach. An online company that allows users to obtain a copy of their birth and death certificates from U.S. state governments has exposed a massive cache of applications — including their personal information.

More than 752,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. The bucket, owned by a Barcelona-based company Onlinevitalus, wasn’t protected with a password, allowing anyone who knew the easy-to-guess web address access to the data.

The data exposed was for APPLICATIONS for birth certificate copies, not for copies of the birth certificates themselves. Even so, each application contained a lot of personal information that is not supposed to be exposed, including: the applicant’s name, date-of-birth, current home address, email address, phone number and historical personal information, including past addresses, names of family members and the reason for the application — such as applying for a passport or researching family history.

You can read more in an article by Zack Whittaker in the TechCrunch web site at: https://techcrunch.com/2019/12/09/birth-certificate-applications-exposed/.

How Your Privacy Will Be Protected in the 2020 Census

Every ten years the U.S. Census Bureau conducts a nationwide survey that sets the terms for the country’s democracy. The questionnaire yields rich data, including people’s names, street addresses, ages, races, ethnicities, and other details. People’s responses help determine dynamics of power, such as how seats are apportioned in the House of Representatives, where voting districts get divided, and which communities receive federal funds.

But the bureau, tasked with releasing summaries of the results while simultaneously protecting people’s privacy, faces a Catch-22. “Every time you publish a statistic you leak information about that confidential database,” as Simson Garfinkel, a computer scientist with the bureau, told a Census advisory committee in May.

You can learn all about the privacy procedures of the 2020 U.S. Census in an article by Robert Hackett and an accompanying video in the Fortune web site at: http://fortune.com/2019/05/25/census-security-privacy/.