Genetic testing company 23andMe is currently under investigation by data watchdogs in the UK and Canada due to a data breach that occurred in October 2023. The breach resulted in hackers gaining access to personal information of 6.9 million individuals, including details such as family trees, birth years, and geographic locations. It was discovered that the hackers used customers’ old passwords to carry out the breach.
Although the stolen data did not include DNA records, the breach raised concerns about the security measures in place to protect sensitive information. 23andMe, a prominent player in the ancestor-tracing industry, offers genetic testing services that provide ancestry breakdowns and personalized health insights. While the company itself was not hacked, criminals were able to access about 14,000 individual accounts by using email and password details obtained from previous data breaches.
Following the breach, 23andMe notified affected customers and required them to change their passwords and update their account security settings. The UK Information Commissioner’s Office emphasized the importance of maintaining public trust in services like 23andMe, as the stored data can reveal sensitive information about individuals and their families, including health, ethnicity, and biological relationships.
The joint investigation by the data watchdogs will focus on the scope of the breach, the potential harm to users, and the adequacy of existing safeguards. Additionally, the investigation will assess how 23andMe responded to the breach and whether the company followed the necessary protocols in both the UK and Canada. Privacy commissioner Philippe Dufresene highlighted the risks associated with genetic information falling into the wrong hands, as it could be misused for surveillance or discriminatory purposes.
It is crucial for companies like 23andMe to prioritize data security and implement robust measures to protect customer information from unauthorized access. The investigation serves as a reminder of the importance of safeguarding sensitive data in an increasingly digital world. Customers should also take proactive steps to enhance their online security by using unique passwords and enabling two-factor authentication to prevent unauthorized access to their accounts.