Genetic testing company 23andMe recently confirmed a data breach impacting millions of users in October 2023. While the company initially downplayed the severity of the incident, claiming only 0.1% of accounts were affected, later investigations revealed a broader scope. Here’s what we know so far:
What happened:
- Hackers accessed user accounts through a technique known as “credential stuffing,” using passwords stolen from other websites.
- Once inside, they accessed information from connected DNA Relatives and Family Tree features, potentially exposing data for millions of users.
- The compromised data could include names, email addresses, birthdates, geographic locations, and ancestry trees.
Number of affected users:
- Initial reports suggested that 14,000 users were impacted.
- Later investigations revealed that the data of approximately 6.9 million users was potentially accessed.
- This represents a significant portion of 23andMe’s user base, raising concerns about personal and sensitive genetic information security.
What 23andMe is doing:
- The company has emailed affected users and published updates on its website.
- It has also offered free credit monitoring and identity theft protection services.
- 23andMe claims they have implemented additional security measures to prevent future breaches.
What you can do:
- Review the notification from 23andMe and take any recommended actions.
- Change your passwords for 23andMe and all other online accounts, especially those using the same password.
- Be vigilant for any suspicious activity, such as unauthorized access attempts or changes to your account information.
- Consider taking additional steps to protect your privacy online, such as using two-factor authentication.
Impact and implications:
- This data breach raises severe concerns about the security of genetic information and potential misuse.
- It highlights the importance of choosing reputable companies with robust data security practices when sharing personal information.
- It also underscores the need for clear and transparent communication from companies experiencing data breaches.
The investigation is ongoing, and more information may come to light in the coming weeks and months. It’s essential to stay informed and take steps to protect your privacy in the meantime.