Last updated: January 7, 2025
Your DNA data is invaluable information about you that cannot be changed, so it’s important to keep that data safe. We’ve outlined some tips on how to keep your genetic data safe.
Sharing your DNA results in our digital world can be a fun and interesting way to learn more about yourself and your family, but keeping your genetic data safe online should be a top priority. In October 2023, 23andMe confirmed that a hacker obtained user data from at least 7 million users. Customer profile information was gathered without users’ consent from certain users that opted into sharing their profile information through 23andMe’s DNA Relatives feature. 23andMe is working with third-party forensic investigators and U.S. federal law enforcement officials to investigate the incident.
23andMe believes that hackers were able to gain access to accounts whose owners had reused login credentials (usernames and passwords) from other sites that had been hacked. 23andMe has urged all of its users to change their passwords and set up two-factor authentication.
DNA Data
DNA data is your personal genetic data. This includes data about your ethnicity, susceptibility to genetic health conditions, and more that’s unique to you. As Leah Larkin from The DNA Geek points out, our genetic data is not something we can change if it’s stolen, like a credit card number, so protecting this information is crucial.
Probably the biggest current threat to your information getting out into the black market is just regular identity theft. As for your genetic information, there are several possible nefarious ways it could be used. The most likely is discrimination based on any number of demographic pieces of information. Theoretically your insurance companies or employers won’t be buying this information off the black market. But there are certainly groups out there who want to hurt you and would pay for access to sensitive information about you.
You should also remember that while it’s your DNA data that may be stolen, you share some DNA with your relatives. Your stolen DNA could have implications for them, even if they haven’t taken a DNA test themselves. If your genetic data is compromised, some of the DNA data of your matches could be exposed too. If a hacker is able to access your testing account, they can see your matches’ identifiable information that they’ve let their matches view, which may include their location and family trees. This information can prove valuable for hackers because it provides them with supplemental information to steal their identity if they’ve harvested personally identifiable information from other sites.
So what can you do to keep your DNA data safe? You can review each testing company’s privacy policy so that you understand what each company is doing with your DNA data and how it’s protected. And keep reading for some best practices you can follow to keep your genetic data safe in a digital world.
YDNA testing and privacy
As Maurice Gleeson pointed out on his blog, you can choose to have your YDNA test results at FTDNA published on the Results Page of DNA projects so that they are public (and you’re more likely to find matches) on any surname project you’ve joined, or you can keep your results hidden (so that your privacy is optimized).
If your results are published, others will be able to see:
- the row number
- your kit number
- your “name” (your surname)
- your paternal ancestor name
- the country of origin
- the haplogroup
- the numerical values for each STR marker
The only data from this list which someone could potentially identify you by as an individual is the “name” or “paternal ancestor name,” and that is only if you are the only person with that particular surname or you are the sole surviving descendant of that ancestor, respectively. You can opt in or out of sharing your results at any time.
How to Keep Your Genetic Data Safe
Use strong, unique passwords and keep them safe
Creating strong, unique passwords for each account and keeping your passwords safe are two of the first steps you can take to keep your DNA data safe.
A strong password should use at least 8 characters and a mix of uppercase and lowercase letters, numbers, and symbols. You should use a different password for every account, so that if one account is compromised, you don’t run the risk of having other accounts hacked (like in this recent case with 23andMe users). You may want to consider using a password manager to keep all of your passwords handy.
Use multi-factor authentication (MFA)
Multi-factor authentication (MFA), also known as two-step authentication or two-factor verification (2FA), is a second way to verify that you are the person logging into your account. When you log into your account, you are then prompted to enter a one-time code that is sent to you to confirm that you are the person logging into your account.
While using MFA adds an extra step to log in, you have an extra layer of security to your account that can prevent someone else from logging into your account. 23andMe, Ancestry, LivingDNA, and MyHeritage currently offer MFA for logging into your account.
Both MyHeritage and 23andMe require that you use an authenticator app on your phone to use MFA. You’ll log into your 23andMe account, go to “Account Settings” and then under the Account Information section, you’ll click “Set up 2-Step Verification.” You’ll be prompted to enter your password. Then you’ll use the authenticator app to scan the QR code that is generated. Finally, you’ll enter the verification token that appears in the authenticator app. Steps to set up “Two-Factor Authentication” at MyHeritage are very similar.
Ancestry allows you to set up MFA with a text message or email. To do so, you’ll log into your account, click on your profile, click “Account Settings,” then click on “Two-Factor Authentication” or “Two-step verification” to set it up. You can use a phone number or email to receive a one-time code.
How to set up MFA in Ancestry:
1. Log into your Ancestry account and click on your account in the top right-hand side of the page. From the drop-down menu, click “Account Settings.”
2. Click on “Two-step verification.”
3. Click on the “Enable” button.
4. Select how you’d like to receive your two-step verification code. You can select “Phone” or “Email.”
5. Ancestry will then send you a two-step verification code to whichever method you selected. You’ll need to then enter that code on the Ancestry page. After that, you’ll receive a one-time recovery code to use in case you don’t have access to your phone or email. Keep this code in a safe place!
Download your raw data or DNA match lists on a trusted computer
You may want to download your raw DNA data in order to transfer it to another testing company. When downloading your raw DNA file, use a personal computer that is password-protected. Once you’ve downloaded the raw DNA file, it’s then recommended to move and store this data file in a password-protected folder on your device or on a secure external hard drive so that there is less of a risk that your genetic data ends up somewhere that it shouldn’t.
The raw DNA file itself is a string of data that’s not comprehensible to the average person, but this data file can be uploaded to a testing site which can read the data and show you your DNA results and matches.
Advocate for legislation to protect DNA data
There are some legal protections for your genetic data. The Genetic Information Nondiscrimination Act (GINA) is a U.S. federal law that was passed in 2008 and prohibits the use of DNA data for employment and insurance company decisions. Some states have also passed their own genetic privacy legislation, including Arizona, New York, and California. Canada passed the Genetic Non-Discrimination Act in 2017, which prohibits the collection, use, or disclosure of a person’s genetic test results without their written consent.
But ultimately, stronger legislation to protect your DNA data is necessary. Let your elected officials know that increased protection of DNA data is a priority for you.
Those living in the U.S. can contact their federal and state representatives and request that they advocate for stricter DNA data privacy laws. You can find current state and federal legislation, regulations, and case law in the LawSeq Project’s database.
Here’s an example of what you can write to your elected officials at the federal level:
Dear [Representative or Senator] [first and last name]:
My name is [your first and last name] and I live in your district. I’m writing to urge you to support legislation for stronger DNA data privacy.
As a genetic genealogist, this issue is important to me. DNA testing is a remarkable tool to learn more about ourselves and our families that has been utilized by millions of Americans. But currently, there is no legislation at the federal level to protect our DNA from being tested by a complete stranger. For example, anyone has the ability to take a strand of your hair left behind and use it for DNA testing.
I hope you will consider advocating for DNA data privacy legislation. Thank you for your time and consideration.
Sincerely,
[your first and last name]
[your contact information]
Diahan emailed her U.S. Representative and received a form letter back a few days later acknowledging her email, so at least she knows she’s been heard.
“But there are certainly groups out there who want to hurt you and would pay for access to sensitive information about you.”
——–
Wow! I don’t think I have ever seen an article that was so full of conspiracy theory and that promoted FUD in the DNA space. Mohler should be embarrassed.
yourdnaguide.com should also be embarrassed and should take this article down immediately.
Hi Jojo, thank you for sharing your opinion. I do stand by the article as written. I don’t think it is alarmist or conspiratorial to point out that there are some groups of people in the world that seek to harm other groups of people in the world for no other reason than they have a specific characteristic they find offensive. Many of these kinds of characteristics are found in our genetic signatures, including ethnicity, gender, and a myriad of health diagnoses. That’s all we were trying to say here – is that your DNA data is one of many kinds of information about you that may be used to harm instead of help.
Thanks for a well informed article because I think DNA (like other things that belong to me) should be well protected!
I am all for improved legislation defining security measures for DNA. I would be wary of sending an open request to our legislatures to support legislation for stronger DNA data privacy, without some direction.
I think we could find ourselves in the same situation after one of our congressmen discovered the SSA published the Social Security Death Index. He truly did not understand the purpose of that list but managed to shut down access to it. It took a lot of effort from the genealogical enthusiasts to get reduced access to that data.