Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

1 min read

Data breach at 23andMe exposes sensitive user information, raises privacy concerns

Picture of Kirsten Peremore Kirsten Peremore October 16, 2023

HIPAA breaches & fines
Data breach at 23andMe exposes sensitive user information, raises privacy concerns

A data breach occurred at the genetic testing company 23andMe, wherein hackers gained unauthorized access to sensitive user information. 

 

What happened

The breach was discovered when hackers published a database containing data from approximately 1 million users, primarily individuals with Jewish ancestry. This database included display names, gender, birth years, and genetic ancestry results. It was also revealed that the hacker offered to sell data profiles for a price, with as many as 7 million accounts potentially being at risk. 

23andMe has responded by taking the breach seriously, launching an investigation, and working with third-party forensic experts and federal law enforcement officials. 

 

Why it matters

The 23andMe data breach is significant for several reasons. It exposes millions of individuals' highly sensitive genetic and personal information, potentially leading to privacy breaches and identity theft. The breach raises broader concerns about the security of genetic databases, demonstrating the risk of unauthorized access and misuse of such valuable and personal data. 

The targeting of individuals with Jewish ancestry also highlights a troubling potential connection to rising antisemitism. Stronger cybersecurity measures are needed within the genetic testing industry and in protecting personal data in consumer healthtech settings. 

 

What they're saying

23andMe have taken to their blog to address a few of the privacy concerns users might have relating to the data breach. They state: "Our investigation continues and we have engaged the assistance of third-party forensic experts. We are also working with federal law enforcement officials.

We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure. Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA).

If we learn that a customer's data has been accessed without their authorization, we will notify them directly with more information."

 

The bigger picture

The breach reveals the vulnerabilities of genetic databases and the potential for malicious actors to exploit sensitive information, possibly fueled by bias or hate.

RelatedHIPAA Compliant Email: The Definitive Guide

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.