FAIRFIELD COUNTY, Ohio — Ohio and Pennsylvania have reached agreements with DNA Diagnostics Center, a company based in Fairfield, Ohio, after a data breach in 2021 exposed the personal information of over 45,000 consumers in the two states. The breach compromised the Social Security numbers and other personal data of around 33,000 Ohioans and 12,500 Pennsylvanians.
Ohio Attorney General Dave Yost said, “Negligence is not an excuse for letting consumer data get stolen. We’re proud to partner with Pennsylvania to ensure that citizens’ personal data stays private — which consumers rightly expect.” The joint investigation by Ohio and Pennsylvania found that DNA Diagnostics made unfair and deceptive statements about its cybersecurity and failed to employ reasonable measures to detect and prevent a data breach, unnecessarily exposing its consumers to harm.
Under the agreement with Ohio, DNA Diagnostics must pay a $200,000 fine and implement a new cybersecurity program that meets industry standards. The company has also hired a third party to conduct data-breach monitoring. As part of the negotiations with both states, the company must have its new cybersecurity program assessed by a certified third party and comply with the Consumer Sales Practices Act in any future collection, use, and protection of personal information.
Regarding the breach, DNA Diagnostics stated that the stolen data wasn’t its customer data, but rather data it had purchased from another company in order to expand its business portfolio. After detecting a breach in May 2021, the company’s contractor repeatedly attempted to notify DNA Diagnostics through email, but company employees overlooked the emails for almost four months. During that time, the attackers installed malware on the company’s network and extracted data.
Acting Attorney General Michelle Henry said, “The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes. That’s why my office took action with the assistance of Attorney General Yost.” Consumers affected by any data breach should monitor their credit reports to protect themselves against identity theft. More information is available at www.AnnualCreditReport.com.
