In a major security breach, popular DNA ancestry company 23andMe has revealed that hackers gained access to the personal data of nearly 7 million of its users, affecting approximately half of its user base. The breach, which occurred in October, has exposed highly confidential information, raising serious concerns about user privacy.
Key Takeaway
A massive data breach has exposed the private information of nearly 7 million 23andMe users, impacting about half of the company’s user base. Users who had opted into the DNA Relatives and Family Tree features are particularly at risk, as sensitive personal information may have been accessed by hackers. The incident raises significant concerns surrounding user privacy and the responsibility of companies to promptly and accurately disclose security breaches.
Hackers Target 23andMe’s Digital Archives
23andMe, known for its services that allow individuals to explore their genetic history and connect with relatives, experienced a significant breach as cybercriminals infiltrated their digital system. While the company initially disclosed the incident, the extent of the breach and the nature of the compromised data are now being unveiled.
According to company representatives, approximately 6.9 million individuals, representing about 50% of 23andMe’s total user base of 14 million, were affected by the hack. However, the impact on each user varied depending on their engagement with certain features.
Potentially Exposed Private Data
Of the affected users, around 5.5 million had opted into 23andMe’s DNA Relatives feature. These individuals potentially had their most sensitive information accessed by the hackers. The DNA Relatives feature allowed users to upload personal details such as names, birth years, relationship labels, percentage of DNA shared with relatives, ancestry reports, and self-reported locations. The breach exposed this information, leaving users vulnerable to privacy breaches and potential misuse of their data.
Additionally, 1.4 million users who had also opted into the Relatives feature had their Family Tree profiles illegally accessed. This profile contains similar user-shared details as mentioned earlier, excluding ancestry and DNA matching information. The breach of these profiles is particularly concerning as it affects a larger number of individuals linked within a family “tree.”
Controversy Surrounding 23andMe’s Response
Following this alarming update, 23andMe faces criticism for initially downplaying the breach. In a filing with the Securities and Exchange Commission (SEC), the company had stated that only 0.1% of its customers’ accounts were impacted. However, the recently revealed figures strongly indicate that the situation was far more severe than what was publicly acknowledged, leading to concerns about transparency and user trust.
