Saturday, April 13, 2024
HomeSECURITYGenetic testing company Vitagene accused of cheating customers and leaking their personal...

Genetic testing company Vitagene accused of cheating customers and leaking their personal data

-


Genetic testing company Vitagene accused of cheating customers and leaking their personal data

The FTC accused the company of changing the privacy policy for information already collected without proper notice to users.

US Federal Trade Commission (FTC) claimed that genetic testing company 1Health.io, also known as Vitagene, misled people when it promised to destroy their physical DNA samples and collected health data. In addition, the FTC alleges that the company did not adequately protect this information and made changes to its privacy policy without proper notice or consent from people whose data it had already collected.

By proposed agreement , Vitagene/1Health.io must strengthen its data protection practices, put in place procedures to control it, and pay a fine. The company neither admits nor denies the allegations. But, apparently, it will go to the requirements of the FTC.

“Companies that try to change the rules of the game by rewriting their privacy policies are being warned,” said Samuel Levin, director of the FTC Consumer Protection Bureau. “The FTC prohibits companies from unilaterally applying material privacy policy changes to data already collected.”

Vitagene collects a saliva sample from its clients and uses the client’s genetic data in conjunction with a health questionnaire to check for the presence or risk of developing certain conditions such as high cholesterol, triglycerides, obesity, or blood clots. After purchasing a package of products ranging from $29 to $259, the company provides customers with a report on their health, well-being, and even ancestry.

An FTC filing that proposes to settle the dispute for $75,000 and force the company to secure its data alleges that Vitagene did not securely store consumer health records and raw genotypic data. The document also states that all collected data was stored in buckets. Amazon S3 without any access control measures. Just a couple of days ago, we mentioned that S3 buckets are obviously not the most reliable. a way to store something.

While Vitagene told the agency that the disputed files were from the beta testing period and affected only a small portion of its customer base, the FTC order also contains another item from the alleged lawsuit alleging that Vitagene posted revised privacy policies on its websites in April and December 2020, which described “substantially expanded practices for the sharing of sensitive consumer health and genetic information with third parties.” This included information from consumers who purchased products and services from the company prior to April 2020 — “without any further steps to notify consumers or obtain their consent,” the commission said.

The FTC said the proposed order contains “provisions” to address Vitagene’s behavior and prevent it from “committing the same or similar acts or practices in the future.”

Mehdi Maghsoudnia, CEO of 1Health, said: “In July 2019, we first became aware that a small number of customer files were accidentally stored in a public place. There is no evidence that these customer files were downloaded or misused.”

“In response, the FTC launched an investigation that has now dragged on for almost four years. This is a case of excessive government intervention. Ultimately, we do not agree with many of the FTC’s findings, but we are pleased to finally complete this case,” Magsudnia concluded.



Source link

www.securitylab.ru

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular