DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

OKC Police rape kit info exposed in data breach of DNA contractor

Posted on February 20, 2022 by Dissent

Brett Dickerson reports:

Victims of past sexual assault who had their DNA collected in a rape kit by the Oklahoma City Police Department now face yet more uncertainty because of a data breach.

Rape kits are used to collect DNA evidence by law enforcement agencies for sexual assault investigations.

Saturday, those who had their DNA information stored by a contractor for OKCPD in connection to sexual assault investigations were informed by a U.S. Post Office letter of the breach.

The contractor is DNA Solutions, Inc., a DNA research company located in Oklahoma City.

Read more at Oklahoma City Free Press. 

DNA Solutions is closed today, but DataBreaches.net sent an email inquiry with a number of questions about their business and the incident. No reply was immediately received, but this post will be updated if they respond when they re-open.  From their website, however, it does not appear that they are a HIPAA-covered entity or business associate.

As the Free Press reporting indicates, the firm states that “Test samples and documentation for legal cases are stored up to 5 years after your test and then destroyed.”  But who determines whether it can be destroyed earlier? If the Oklahoma City Police Department contracts with them for forensic cases, do they ever authorize them or request earlier destruction?  And does the police department review and monitor their contractor’s data security?

DNA testing came up recently in another context:  a rape victim whose DNA was collected and tested was subsequently charged with a property crime years later in an unrelated matter because law enforcement searched the victim DNA database for other purposes. As NPR reported:

San Francisco officials are criticizing the city’s police department over what officials say is a newly discovered practice inside the department of searching a database containing DNA collected from sexual assault victims to identify them as possible criminal suspects.

District Attorney Chesa Boudin said using rape kit DNA to search for suspects in separate investigations treats victims “like evidence, not human beings” and called for the practice to end.

In light of both of these breaches — one by external hackers and one by insiders misusing a database — is it time to consider or revisit the rights of crime victims whose DNA is collected and tested?  Do victims know who is storing and securing their sample and their test results? Do they have any right to direct its removal? Should those storing samples or test results be held to more rigorous security and privacy standards?

Category: Breach IncidentsHack

Post navigation

← UK: Tens of thousands of NHS patients’ private medical information leaked in shocking data breach
Allen ISD cybersecurity update: personal information of more than 500 employees hacked in September 2021 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.