A data breach occurred at the genetic testing company 23andMe, wherein hackers gained unauthorized access to sensitive user information.
The breach was discovered when hackers published a database containing data from approximately 1 million users, primarily individuals with Jewish ancestry. This database included display names, gender, birth years, and genetic ancestry results. It was also revealed that the hacker offered to sell data profiles for a price, with as many as 7 million accounts potentially being at risk.
23andMe has responded by taking the breach seriously, launching an investigation, and working with third-party forensic experts and federal law enforcement officials.
The 23andMe data breach is significant for several reasons. It exposes millions of individuals' highly sensitive genetic and personal information, potentially leading to privacy breaches and identity theft. The breach raises broader concerns about the security of genetic databases, demonstrating the risk of unauthorized access and misuse of such valuable and personal data.
The targeting of individuals with Jewish ancestry also highlights a troubling potential connection to rising antisemitism. Stronger cybersecurity measures are needed within the genetic testing industry and in protecting personal data in consumer healthtech settings.
23andMe have taken to their blog to address a few of the privacy concerns users might have relating to the data breach. They state: "Our investigation continues and we have engaged the assistance of third-party forensic experts. We are also working with federal law enforcement officials.
We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure. Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA).
If we learn that a customer's data has been accessed without their authorization, we will notify them directly with more information."
The breach reveals the vulnerabilities of genetic databases and the potential for malicious actors to exploit sensitive information, possibly fueled by bias or hate.
Related: HIPAA Compliant Email: The Definitive Guide