The Oklahoma City Police Department (OKCPD) has announced that personal data belonging to victims of sexual assault may have been exposed during a security incident at a DNA analysis laboratory.
In a statement released on Monday to Oklahoma news channel KFOR, the OKCPD said that a company the department previously used to perform forensic testing had been hacked.
The OKCPD said that it had only recently been made aware of the security incident at DNA Solutions Inc. DNA Solutions is a private DNA analysis laboratory whose testing facility is located at the University Research Park Campus in Oklahoma City.
The laboratory provides paternity and forensic testing in humans and sire confirmation, genotype registries, DNA banking and animal forensic identification.
Master Sgt. Gary Knight told Free Press that the OKCPD had contracted the company for two years to perform “Y-screening” (Y-chromosomal testing) to detect male DNA foreign to the victim of sexual assault.
“DNA Solutions Inc. determined that an unauthorized third party accessed their network and may have compromised certain sensitive personal and health-related information from sexual assault kits sent to them for forensic testing,” said the OKCPD.
DNA Solutions said that it discovered the hack on November 18 2021, and immediately blocked the hacker’s access to its network. An investigation was launched to determine which files had been accessed by the attacker.
The company said that while some sensitive personal and health information was compromised, the attacker did not access any personally identifiable information or financial information.
“The data did not include social security numbers, driver’s license information, or financial information,” said DNA Solutions officials in a statement. “We have notified individuals or organizations whose data may have been impacted directly.”
DNA Solutions is providing 12 months of free credit monitoring and identity theft protection services to those impacted by the security incident and is encouraging those who receive a data breach notification letter to enroll.
OKCPD said: “Although DNA Solutions, Inc. has indicated that they intend to notify individuals of the possible compromise of personal information, the Oklahoma City Police Department has decided to send its own notification.”