FTC Refunds Customers of DNA Testing Firm Over Data, Security Issues

The genetic testing company allegedly stored nearly 2,400 health reports of 227 customers on Amazon Web Services’ cloud storage.
Aldgra Fredly

The Federal Trade Commission (FTC) said Monday that it is distributing more than $49,500 in refunds to customers of the genetic testing company 1Health.io, formerly known as Vitagene, following a settlement reached last year over allegations that the company failed to secure sensitive genetic and health data.

The FTC’s June 2023 complaint alleged that the San Francisco-based company lied to consumers about their ability to delete their personal data, and changed its privacy policy without notifying consumers.

In the complaint, the FTC alleged that 1Health stored nearly 2,400 health reports of at least 227 consumers in publicly accessible buckets on Amazon Web Services’ cloud storage service, despite promising consumers “rock-solid” security practices.

The agency stated that 1Health neither encrypted the data nor restricted access to it. The company also did not monitor access or maintain an inventory to help ensure the security of the data.

The FTC alleged that the company did not have a policy in place to ensure that the lab would destroy DNA samples collected from customers, despite promising that their personal data could be deleted at any time and that DNA saliva samples would be destroyed shortly after analysis.

The complaint stated that in 2020, the company revised its privacy policy to retroactively expand the types of third parties with which it may share consumers’ data, without notifying customers or obtaining their consent for such disclosures.

According to the complaint, 1Health was warned at least three times over two years that it was storing unencrypted health, genetic, and other personal information in publicly accessible data buckets.

1Health CEO Mehdi Maghsoodnia said last year that the company was first alerted in July 2019 that “a small number of customer files had been inadvertently stored in a publicly accessible location.”

There was no evidence that the files were improperly accessed, Maghsoodnia said in a statement to multiple news outlets.

“This is a case of extraordinary government overreach,” he stated. “Ultimately, we disagree with many of the FTC’s conclusions. But we look forward to finally putting this matter behind us.”

As part of the settlement, the company is required to strengthen its protections for genetic information and instruct third-party contract laboratories to destroy all consumer DNA samples that have been stored for more than 180 days.

The company is also prohibited from sharing health data with third parties without obtaining “affirmative express consent” from customers, according to the FTC.

The FTC said the settlement will be distributed among 2,432 consumers. Refund recipients are advised to cash their checks within 90 days, while those without an address on file will receive PayPal payments, to be redeemed within 30 days.

The Epoch Times has reached out to 1Health for further comment on the matter.

Aldgra Fredly is a freelance writer covering U.S. and Asia Pacific news for The Epoch Times.