'White hat' hacker discovers names of 'anonymous' volunteers of genome study in security drill

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.independent.co.uk/news/science/white-hat-hacker-discovers-names-of-anonymous-volunteers-of-genome-study-in-security-drill-8457739.html

By STEVE CONNOR
The Independent
17 JANUARY 2013

A former "white hat" hacker hired by banks to test their computer security 
has been able to discover the names of individuals who volunteered to take 
part in genome studies on the condition of anonymity.

Nearly 50 people who had agreed to have their genomes sequenced and placed 
on scientific databases provided that their names would not be used were 
identified by Yaniv Erlich as part of an exercise to test the 
vulnerability of personal data held in DNA libraries.

The revelation will prove embarrassing for organisations who have promoted 
the widespread use of genome sequencing in medical research. Last month, 
the Government announced a plan to sequence the genomes of 100,000 Britons 
to boost the discovery of new drugs and treatments.

Dr Erlich used computer algorithms to link DNA sequences, particularly of 
the male Y chromosome, with surnames and other personal data held on 
genealogy databases as part of a deliberate attempt to test the security 
of the ?anonymised? information held on genome databases.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.