In its first case focused on the security and privacy of genetic information, the Federal Trade Commission has charged genetic testing company 1Heath.io with failing to secure its customers’ genetic data by storing health reports of more than 2,000 of its customers in the cloud without encryption or access controls.

The San Francisco-based firm, called Vitagene prior to a 2020 name change, sold “DNA Health Test Kits” that instructed customers to send in a saliva sample by mail and fill out an online questionnaire about their health, ancestry and lifestyle. It used the information to generate health and wellness reports identifying a customer’s risk of developing certain health conditions like high cholesterol or obesity based on their genetics, bundling the data along with vitamin subscriptions and nutritional coaching for a product package that could cost up to $259.