The data breach compromised personal information for over half of the popular genetic testing company's 6.9 million customers. The recent 23andMe data breach highlights a growing concern: attackers are no longer simply going after our bank accounts, but also our publicly available data.
Get to know how this happens, and learn how to protect yourself against growing cyber threats.
In 2023, a data breach occurred at 23andMe, a renowned genetic testing company. The breach was prompted by a flaw in the company's opt-in feature, which enabled relatives to communicate with one another.
This vulnerability exposed millions of consumers' personal information, including names, birth dates, genders, ancestry reports, and raw genetic data.
Hackers especially targeted clients of Chinese and Ashkenazi Jewish origin, implying that the information was being sold or trafficked on the dark web for targeted attacks.
23andMe reached a $30 million settlement to pay affected customers and strengthen its security protocols.
Ancestry and genetics-testing company 23andMe has agreed to a $30 million settlement following a class-action lawsuit for last year's data breach. The breach affected 6.9 million profiles, exposing sensitive data such as ancestry reports, family names, and DNA matches.
— CopperTree Solutions (@CopperTree_Sol) September 20, 2024
The hack went unnoticed for five months before being disclosed in October 2023, affecting an estimated 6.9 million users. 23andMe implemented several security measures to avoid future attacks and alerted affected individuals.
The data leak at 23andMe had a substantial impact on customer trust. Many clients felt violated and concerned about the privacy of their genetic information.
While 23andMe responded to the hack and reassured customers, the incident underscored the risks of storing and sharing genetic data.
23andMe has finished its investigation, which was assisted by third-party forensics specialists. The company is currently notifying affected customers, as required by law.
“Since detecting the incident, we emailed all customers to notify them of the investigation and are continuing to notify impacted customers, based on applicable laws,” according to 23andMe.
Most of the affected victims (5.5 million) used a feature called “DNA relatives” to find family members, while the rest (1.4 million) used a feature called “Family Tree.”
They also made it clear that the information was gathered by credential stuffing:
“The threat actor used the compromised credential-stuffed accounts to access the information.”
They also guided their customers to take preventive measures by saying:
“We also required every 23andMe customer to reset their password. In addition, 23andMe now requires all new and existing customers to log in using two-step verification.”
Exposed data can lead to several major privacy concerns, and exposure can occur through a variety of means. Once data has been stolen, it is hard to recover, and the privacy risks are serious. The following are some of the most prevalent privacy risks linked with exposed data:
The experience of identity theft can be emotionally devastating, causing worry, anxiety, and a loss of trust.
23andMe's RESPONSE: The company confirmed the data's legitimacy. They believe the hackers used credentials from other breaches to access 23andMe accounts.
"We do not have any indication at this time that there has been a data security incident within our systems."
— Matt Johansen (@mattjay) October 6, 2023
Disclosed genetic information could potentially be used to discriminate against people in fields such as employment, insurance, and healthcare.
Exposed data can be exploited to trick people into disclosing sensitive information or taking actions that benefit the attackers.
Exposed data can be used to target people based on their personal qualities, resulting in discrimination and harassment.
Organizations that fail to protect sensitive data risk facing substantial fines and penalties.
By taking these initial steps, you may help reduce the potential effect of a 23andMe data breach while also protecting your personal information.
If you suspect a data breach involving 23andMe, you should take these quick steps:
Contact 23andMe customer care right away to report the alleged breach and inquire about their response.
Watch 23andMe's website and social media outlets for official news and updated security protocols regarding the breach.
Change your 23andMe password immediately and set a strong, complex password to prevent unauthorized access.
If it is available, enable two-factor authentication for enhanced security.
Monitor your bank accounts, credit reports, and other online accounts for any unusual activity.
23andMe has alerted consumers who are suspected to have been affected by the breach. If you are a 23andMe customer and have not received a notification, go to Have I Been Pwned to check your credentials.
23andMe does not sell, lease, or rent your genetic information without your specific permission. As stated in the Privacy Statement, 23andMe shares your information with service providers.
The hacked data includes user profiles, ancestry information, and, in certain cases, health-related information. This incident prompted serious concerns about the privacy and security of genetic information, underlining the need for strong data protection measures in the age of DNA testing.
The data leak affects around 6.9 million customers. The incident was caused by credential stuffing, which is when hackers use stolen usernames and passwords from other websites to gain access to 23andMe accounts.
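From the defending side, credential stuffing shows up in login logs as one source trying many different usernames with a low success rate. The sketch below is an added example, not code from 23andMe or this article; the event layout, thresholds, and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (timestamp_s, source_ip, username, success)
def build_sample():
    events = []
    # One source walking a leaked credential list: 40 accounts, 2 password-reuse hits
    for i in range(40):
        events.append((1000 + i * 3, "203.0.113.7", f"user{i}@example.com", i in (11, 29)))
    # A legitimate user mistyping a password twice, then succeeding
    events += [(1010, "198.51.100.20", "alice@example.com", False),
               (1025, "198.51.100.20", "alice@example.com", False),
               (1040, "198.51.100.20", "alice@example.com", True)]
    # A shared office address: several users, all logging in successfully
    for i in range(6):
        events.append((1050 + i * 10, "192.0.2.50", f"staff{i}@example.com", True))
    return events

def detect_stuffing(events, window_s=300, min_users=20, max_success_ratio=0.2):
    """Flag sources that try many distinct usernames within a window and mostly fail."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than window_s seconds
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            users = {u for _, u, _ in window}
            hits = sorted({u for _, u, ok in window if ok})
            if len(users) >= min_users and len(hits) / len(window) <= max_success_ratio:
                # Accounts in `hits` accepted a reused password: force a reset and review
                findings[ip] = {"distinct_users": len(users), "compromised": hits}
    return findings

if __name__ == "__main__":
    for ip, info in detect_stuffing(build_sample()).items():
        print(ip, info)
```

The accounts listed under `compromised` are the ones that matter most for response, since those logins succeeded with a password reused from another site.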
The 23andMe data leak serves as an urgent reminder of the risks involved in maintaining sensitive personal information. Such cyber-attacks could have far-reaching effects, including financial fraud, stolen identities, extortion, and privacy concerns.
PurePrivacy with a VPN can help you overcome these privacy issues. PurePrivacy allows you to take control of your data, reduce your online record, and protect yourself against data breaches. PurePrivacy's features and dedication to data security make it a vital tool for you if you value your online privacy.