
Data breach at 23andMe affects 6.9 million profiles, company says


Hackers used customers' old passwords to access personal information on about 6.9 million profiles, including in some cases ancestors, birth years and geographic locations, genetic testing company 23andMe said Monday.

In October, a hacker posted a claim online that they had profile data on 23andMe users, the company wrote in a Securities and Exchange Commission disclosure on Friday.

“We have not received any reports of improper use of the data following the breach,” a 23andMe spokeswoman said Monday.

The hackers used old passwords that 23andMe customers had used on other compromised sites and were initially able to compromise approximately 14,000 profiles, or 0.1 percent of 23andMe user accounts, the company said in the SEC disclosure.

The hackers could gain access to everything available on those 14,000 profiles, including health and ancestry information, the company spokeswoman said.

The breach also opened the door to the profiles of millions of other customers, about half of all 23andMe customers, who wanted to use 23andMe to connect with those who had close DNA matches, she said. Users could sign up for a feature called DNA Relatives, where they could provide select information to others on 23andMe who might be a close DNA match.

The hackers accessed information from 5.5 million DNA Relatives profiles, including a display name, how recently they logged into their account, the percentage of DNA shared with their DNA Relatives matches, and the predicted relationship to that person, according to a statement from 23andMe. It may also include self-reported information such as geographic location, year of birth, family tree, and any photos they have uploaded.

Hackers were also able to gain access to the Family Tree profile information of approximately 1.4 million other customers who participated in the DNA Relatives feature, including display names and relationship labels. Information may also include year of birth and geographic location if the user chose to share that data, the company said.

23andMe is in the process of notifying all affected customers as required by law. There is no timeline for when everyone will be notified, the spokeswoman said.

The company requires all customers to change their existing password and set up two-step verification, a statement on the 23andMe website said.

The breach came as no surprise to Ramesh Srinivasan, a professor in the department of information studies at the University of California, Los Angeles, as these episodes have become increasingly common. There is always the possibility of information being stolen when provided to a third party, he said.

“Do we need to provide data that is so personal and so intimate to an organization that, largely speaking, only has a strong relationship with their investors and their boards?” he said.
