Skip to main content
Cell Phone Cell Phone Cell Phone Cell Phone Cell Phone Cell Phone

DNA Micro Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is investigating reports that hundreds of thousands of clients who opted-in for a screen warranty have had their personal information compromised after DNA Micro allegedly leaked data from its systems. Contact our legal team if you have been impacted by this data breach incident.

What Happened at DNA Micro?

A research team from Cybernews found that DNA Micro, an Irvine, California-based company, inadvertently exposed the personal data of more than 820,000 customers. The leak was apparently caused by a misconfiguration in its systems.

Most of the victims impacted by the DNA Micro data leak were those using the services of  InstaProtek, a DNA Micro subsidiary which provides a screen warranty service. Other companies were affected by the leak such as Liquipel and Otterbox. The companies that were reportedly affected by the leak incldue the following:

  • Instaprotek
  • Otterbox
  • Liquipel
  • Health and Safety
  • LJP Construction services
  • AMP
  • 23point5
  • Intoto

DNA Micro routinely gathers customer data and stores it on its systems to administer warranty services. But the company left the data open to public access for about six months. The leaked personal data includes:

  • Full names
  • Addresses
  • Phone numbers
  • Email addresses
  • Warranty claim status
  • Phone models
  • Purchase date
  • International Mobile Equipment Identity (IMEI) numbers
  • Store from which the item was purchased
  • Cell carrier

It is not always clear what cybercriminals can do with what sometimes seems to be trivial data, but experts say even a small amount of personal data in the wrong hands can lead to fraud and identity theft. Such phone data, for instance, in conjunction with a home address, can be used to create phishing campaigns and pose a threat to consumers.

On August 16th, the Cybernews research team discovered open files containing sensitive data belonging to DNA Micro. The company was informed about the leak and has since fixed the data storage issue. But for  months, the data was in the open for threat actors to exploit the leaked data.

These bad actors could exploit the leaked IMEI numbers by replacing the numbers of stolen devices and cause disruptions to the mobile service of the device and raise the risk of malware attacks and SIM swapping.

The lawyers at The Lyon Firm are currently handling numerous data privacy cases on behalf of data theft victims nationwide. Contact us for a free legal consultation. Companies like DNA Micro have a duty to protect your personal data when they collect and store it for internal purposes. Should they fail, legal action may be the only way to hold negligent companies accountable for their actions.