23andMe Data Breach Affected Half of Its Clients' Information

  • 26 September 2024

The data breach compromised personal information for over half of the popular genetic testing company's 6.9 million customers. The recent 23andMe data breach shows a growing concern: attackers are no longer simply going after our bank accounts, but also our publicly available data.

Get to know how this happens, and learn how to protect yourself against growing cyber threats.

What Happened in the 23andMe Data Breach?

In 2023, a data breach occurred at 23andMe, a renowned genetic testing company. The breach was prompted by a flaw in the company's opt-in feature, which enabled relatives to communicate with one another. 

This vulnerability exposed millions of consumers' personal information, including names, birth dates, genders, ancestry reports, and raw genetic data.

Hackers especially targeted clients of Chinese and Ashkenazi Jewish origin, implying that the information was being sold or trafficked on the dark web for targeted attacks. 

23andMe reached a $30 million settlement to pay affected customers and strengthen its security protocols.

The hack went unnoticed for five months before being disclosed in October 2023, affecting an estimated 6.9 million users. 23andMe implemented several security measures to avoid future attacks and alerted affected individuals.

What Was the Impact on 23andMe Customers of This Breach?

The data leak at 23andMe had a substantial impact on customer trust. Many clients felt violated and concerned about the privacy of their genetic information. 

While 23andMe responded to the hack and reassured customers, the incident underscored the risks of storing and sharing genetic data.

This Cyberattack Targets Millions of 23andMe Customers

23andMe has finished its investigation, which was helped by third-party forensics specialists. They are currently in the process of notifying concerned customers, as required by law.

“Since detecting the incident, we emailed all customers to notify them of the investigation and are continuing to notify impacted customers, based on applicable laws,” according to 23andMe.

Most of the affected victims (5.5 million) used a feature called “DNA relatives” to find family members, while the rest (1.4 million) used a feature called “Family Tree.”

They also made it clear that the information was gathered by credential stuffing: the threat actor used the compromised credential-stuffed accounts to access the information.

They also guided their customers to take preventive measures by saying:

“We also required every 23andMe customer to reset their password. In addition, 23andMe now requires all new and existing customers to log in using two-step verification.”
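
Credential stuffing as described above leaves a recognizable trace in authentication logs: one source trying many different accounts and succeeding on only a few. The Python below is an added example, not code from 23andMe or from the original article; the log format, addresses, thresholds and the function name detect_stuffing are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log (not real data). Assumed format: "timestamp ip username result"
SAMPLE_LOG = """\
2023-10-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2023-10-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2023-10-01T10:00:03Z 203.0.113.7 carol@example.com FAIL
2023-10-01T10:00:04Z 203.0.113.7 dave@example.com OK
2023-10-01T10:00:05Z 203.0.113.7 erin@example.com FAIL
2023-10-01T10:00:06Z 203.0.113.7 frank@example.com FAIL
2023-10-01T10:05:00Z 198.51.100.20 gina@example.com OK
2023-10-01T10:05:10Z 198.51.100.20 hal@example.com OK
2023-10-01T10:05:20Z 198.51.100.20 ivy@example.com OK
2023-10-01T10:05:30Z 198.51.100.20 jon@example.com OK
2023-10-01T10:05:40Z 198.51.100.20 kim@example.com OK
2023-10-01T10:07:00Z 192.0.2.15 lee@example.com FAIL
2023-10-01T10:07:09Z 192.0.2.15 lee@example.com OK
"""

def detect_stuffing(log_text, min_accounts=5, max_success_ratio=0.3):
    """Return {ip: [accounts that logged in]} for sources that try many
    distinct accounts but succeed on only a small share of them."""
    tried = defaultdict(set)      # ip -> every username attempted
    succeeded = defaultdict(set)  # ip -> usernames with a successful login
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, ip, user, result = fields
        tried[ip].add(user)
        if result == "OK":
            succeeded[ip].add(user)
    findings = {}
    for ip, users in tried.items():
        ratio = len(succeeded[ip]) / len(users)
        if len(users) >= min_accounts and ratio <= max_success_ratio:
            # These accounts accepted a reused credential: reset them first.
            findings[ip] = sorted(succeeded[ip])
    return findings

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: suspected credential stuffing; reset {accounts}")
```

The shared address with five successful logins is not flagged, because the success ratio separates a busy legitimate network from a stuffing run. A per-IP count is only one signal; attempts spread across many addresses call for per-account and time-window checks as well.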

What are the Potential Privacy Risks from Exposed Data?

When data is exposed, it can result in several major privacy concerns. Exposure can occur through a variety of means, and once data has been taken it is tough to recover. The following are some of the most prevalent privacy risks linked with exposed data:

Emotional Distress

The experience of identity theft can be emotionally devastating, causing worry, anxiety, and a loss of trust.

Discrimination Based On Genetic Information

Disclosed genetic information could potentially be used to discriminate against people in fields such as employment, insurance, and healthcare.

Social Engineering Attacks

Exposed data can be exploited to trick people into disclosing sensitive information or taking actions that benefit the attackers.

Targeted Attacks & Harassment

Exposed data can be used to target people based on their personal qualities, resulting in discrimination and harassment.

Fines and Penalties

Organizations that fail to protect sensitive data risk facing substantial fines and penalties.

How to Take Immediate Action in Case of a Data Breach

By taking these initial steps, you may help reduce the potential effect of a 23andMe data breach while also protecting your personal information. 

If you suspect a data breach involving 23andMe, you should take these quick steps:

Reach Out Directly

Contact 23andMe customer care right away to report the alleged breach and inquire about their response.

Check For Updates

Watch 23andMe's website and social media outlets for official news and updated security protocols regarding the breach.

Change the Password

Change your 23andMe password immediately and set a strong, complex password to prevent unauthorized access.

Enable Two-Factor Authentication

If it is available, enable two-factor authentication for enhanced security.

Watch Out For Any Unusual Activity

Keep an eye on your bank accounts, credit reports, and other internet accounts for any unusual behavior.

Frequently Asked Questions (FAQs)

  • How can I know if my 23andMe info was compromised?

    23andMe has alerted consumers who are suspected to have been affected by the breach. If you are a 23andMe customer and have not received a notification, go to Have I Been Pwned to check your credentials.

  • Can 23andMe sell my genetic information?

    23andMe does not sell, lease, or rent your genetic information without your specific permission. As stated in the Privacy Statement, 23andMe shares your information with service providers.

  • What data was released from 23andMe?

    The hacked data includes user profiles, ancestry information, and, in certain cases, health-related information. This incident prompted serious concerns about the privacy and security of genetic information, underlining the need for strong data protection measures in the age of DNA testing.

  • How did the breach occur?

    The data leak affects around 6.9 million customers. The incident was caused by credential stuffing, which is when hackers use stolen usernames and passwords from other websites to gain access to 23andMe accounts.


Wrapping Up!

The 23andMe data leak serves as an urgent reminder of the risks involved in maintaining sensitive personal information. Such cyber-attacks could have far-reaching effects, including financial fraud, stolen identities, extortion, and privacy concerns.
PurePrivacy with a VPN can help you overcome these privacy issues. PurePrivacy allows you to take control of your data, reduce your online record, and protect yourself against data breaches. PurePrivacy's features and dedication to data security make it a vital tool for you if you value your online privacy.