Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The Federal Trade Commission (FTC) said Monday that it is distributing more than $49,500 in refunds to customers of the genetic testing company 1Health.io, formerly known as Vitagene, following a settlement reached last year over allegations that the company failed to secure sensitive genetic and health data.
The FTC’s June 2023 complaint alleged that the San Francisco-based company lied to consumers about their ability to delete their personal data, and changed its privacy policy without notifying consumers.
The agency stated that 1Health neither encrypted the data nor restricted access to it. The company also did not monitor access or maintain an inventory to help ensure the security of the data.
The FTC alleged that the company did not have a policy in place to ensure that the lab would destroy DNA samples collected from customers, despite promising that their personal data could be deleted at any time and that DNA saliva samples would be destroyed shortly after analysis.
The complaint stated that in 2020, the company revised its privacy policy to retroactively expand the types of third parties with which it may share consumers’ data, without notifying customers or obtaining their consent for such disclosures.
According to the complaint, 1Health was warned at least three times over two years that it was storing unencrypted health, genetic, and other personal information in publicly accessible data buckets.
1Health CEO Mehdi Maghsoodnia said last year that the company was first alerted in July 2019 that “a small number of customer files had been inadvertently stored in a publicly accessible location.”
There was no evidence that the files were improperly accessed, Maghsoodnia said in a statement to multiple news outlets.
“This is a case of extraordinary government overreach,” he stated. “Ultimately, we disagree with many of the FTC’s conclusions. But we look forward to finally putting this matter behind us.”
As part of the settlement, the company is required to strengthen its protections for genetic information and instruct third-party contract laboratories to destroy all consumer DNA samples that have been stored for more than 180 days.
The company is also prohibited from sharing health data with third parties without obtaining “affirmative express consent” from customers, according to the FTC.
The Epoch Times has reached out to 1Health for further comment on the matter.