KnowDNA Company stores a substantial quantity of users’ personally identifiable information. Although it claims to have acceptable security procedures, the company is nevertheless susceptible to cybersecurity breaches that may result in the theft of personal information and its possible use by cybercriminals. KnowDNA has revealed illegal access to the email addresses of more than 92 million customers (“MyHeritage Data Breach,” 2018). The company’s cybersecurity measures may have failed; as a result, hackers exploited the weakness to gain access to personal identifiers. Even while just email addresses were acquired during the breach, the vulnerability exposed the owners to severe attacks, such as phishing and other harmful activities, which might have led to the loss of additional valuable data.
Since the company’s databases contain genetic data, their contents are confidential and sensitive. Although management has confirmed that only email addresses and hashed passwords were accessed, a compromise of this magnitude could lead to the capture and manipulation of other personally identifiable information (“MyHeritage Data Breach,” 2018). Such a breach puts the affected users at risk for catastrophic cyberattacks. For instance, if a victim’s identifying information is stolen, he or she is susceptible to identity theft and other risks, such as fraud. Involved parties may incur financial losses due to bank account theft utilizing stolen data (Hille, Walsh, & Cleveland, 2015). Consequently, the breach may have a significant economic impact on those affected.
In addition to financial loss, the KnowDNA breach exposed individuals to severe psychological and emotional anguish. As a result of the sensitivity of the information kept in the company’s databases, such news of cybersecurity breaches may induce mental distress. Despite the manager’s promise that there is no evidence of the criminals using the stolen information, the victims may be concerned about the potential consequences (Hille et al., 2015). DNA and genetic evidence are extremely confidential and sensitive. Consequently, the possibility that a third party accessed the company’s server can induce significant concern and anxiety.