Security flaw found in genetic ‘anonymity’

Using nothing more than an internet connection, scientists were able to hack the identities of 50 individuals who had donated DNA for research.

The deliberate security breach is said to have important implications for privacy.

The US donors, whose names have not been released, were participants in the 1000 Genomes Project, an international collaboration gathering large amounts of freely accessible genetic material for scientists around the world.

All provided DNA samples from which their complete genetic codes, or genomes, were sequenced.

Their identities should have been secret but a team of scientists conducting a security test uncovered them by homing in on genetic markers on the male Y chromosome and consulting genealogy databases.

The markers, known as short tandem repeats, or Y-STRs, are passed from father to son, like a man’s surname.

Cheap genetic sequencing is already allowing genealogy companies to take advantage of this to help trace people’s family trees. Publicly accessible databases exist which link voluntarily shared Y chromosome markers to certain surnames. Two of the most popular allow access to nearly 40,000 records matching Y-STRs to surnames.

The scientists began by cross referencing Y chromosome information obtained from the anonymous samples with that kept on the genealogy databases and were able to pull up a number of surnames which acted as the starting point for a wider search.

After scouring a range of other information sources they followed the identity trail to almost 50 family members who had donated DNA to the 1000 Genomes Project, including women.