The alleged claim describes an unspecified volume of raw genomic sequence files, clinical diagnostic reports, and personally identifiable information purportedly linked to customers across multiple countries and jurisdictions. The group behind it, known as CoinbaseCartel, has made contact and the matter is being actively handled. The claim, as described, has not been independently verified — and based on our ongoing internal review, we have strong reason to believe it does not reflect reality.
We are not dismissing this. We are investigating every detail, cross-referencing every system, and coordinating with all relevant parties to reach a definitive answer. What we can tell you right now is that we are not standing still — and we are not silent.
This post follows active incident response coordination involving GenoBank.io and all associated laboratories named in connection with this claim. All mentioned labs are currently working to verify this claim in full and to assure every one of their customers that everything is okay.
We are taking this seriously — not because we believe it is true, but because our customers deserve certainty, not reassurance built on assumption. We will be notifying our customers shortly. There is nothing to worry about. We are making sure of that right now.
A genome is not a password. You cannot change it, revoke it, or issue a new one. It encodes not just you — but every biological relative you have, every generation that follows, and medical information that no one else is entitled to hold. Most of the time when a claim surfaces like this, the answer is simple: nothing happened, the systems are intact, here is how we know. That is the answer we are working toward right now.
| Framework | Jurisdiction | What Could Be At Stake — If This Were Ever Confirmed |
|---|---|---|
| HIPAA | United States | Genomic sequence files and clinical reports are classified as Protected Health Information |
| GDPR Art. 9 | EU / EEA | Genetic data is a special-category data type subject to the strictest protections under EU law |
| CCPA | California, USA | California residents whose genetic and personal data may fall within the described scope |
| PIPEDA | Canada | Canadian subjects reportedly among those whose data is allegedly described in the claim |
| LFPDPPP | Mexico | SomosAncestria, SomosDNA, Arion Genética & Mi-ADN operate under Mexican data protection law |
| TCPA | United States | Personal contact information allegedly present in the described dataset |
| NIST SP 800-66 | United States | HIPAA Security Rule standards covering encryption and access control |
We are working. You will hear from us.
GenoBank.io and every associated laboratory named here are actively verifying this claim end to end — engaging with all relevant parties, reviewing every system, and cross-checking every detail of what has been alleged. The expectation, based on what our review is showing so far, is that our customers will receive confirmation that everything is intact, and soon.
If the uncertainty alone is enough to unsettle you — which is completely understandable — reach out and ask directly. We will respond. We are not offering silence.
Your genetic information is not going anywhere.
It is not circulating on the dark web.
It is not being sold to illegal sequencing labs, data brokers, or foreign state programs.
Not to underground operations. Not to state actors. Not to anyone.
Because if a breach of that scale — 20 terabytes of who you are — were real and in the open, the implications would reach further than any password leak, any financial theft, any identity fraud ever could. Your genetic identity does not reset. It does not expire. And that is precisely why we are not treating this lightly — and precisely why everything we are finding so far points to one conclusion:
This claim is a bluff. Like most of them are.
We will notify all customers with our findings no later than April 11, 2026.
We are working. We are watching. You will hear from us.