6.9 million users of 23andMe had personal information stolen by hackers

An estimated 6.9 million users of genetic testing company 23andMe had their personal information stolen by hackers in a recent data breach, a company spokesperson confirmed to The Hill on Monday.

A 23andMe spokesperson told The Hill that an estimated 5.5 million users had access to the company’s data. DNA relative functionThis helps users find and contact family relatives who also have this feature enabled.

The hackers also compromised data on 1.4 million family tree profiles, which includes a variety of identifying information about users, a spokesperson said.

First reported by TechCrunch An estimated 6.9 million users were affected by this breach.

23 and me First to announce data breach He said in early October that both third-party forensic experts and federal law enforcement officials were assisting in the investigation.

Last Friday, the company announced that the investigation had been completed. and the research results submitted. Cooperation with the U.S. Securities and Exchange Commission.

The company said in its findings that hackers were able to access 0.1% of its user data, which the company called a “negligible percentage.” A spokesperson confirmed on Monday that this equates to about 14,000 users.

The hacker was able to access the account if the username and password used on the 23andMe website matched those used on other previously compromised websites, a spokesperson said.

The spokesperson added that the hackers used this information to access DNA kinship profile files and family tree profile information.

“There is no indication that there has been a breach or data security incident within our systems, nor is there any indication that 23andMe was the source of the account credentials used in these attacks,” the spokesperson said. Ta.

company said last friday It has “taken steps” to protect user data, including requiring existing consumers to reset their passwords and forcing two-step verification methods for both new and existing users.

After 23andMe first announced the data breach in October, Connecticut Attorney General William Tong released additional information about the incident, saying the data of individuals of Ashkenazi Jewish and Chinese descent was targeted. requested.

Tong said the hack resulted in at least one million data profiles containing Ashkenazi Jewish ancestry being sold on the illegal market, and another breach exposed data relating to hundreds of thousands of people with Chinese ancestry. claimed to have been done.

At the time, a 23andMe spokesperson told The Hill that the investigation suggested that “threat actors were able to gain access to specific accounts in instances where users reused their login credentials.”

The Hill reached out to the Connecticut Attorney General’s Office and 23andMe for updates on the investigation into Tong.

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.



Sign up to stay informed to breaking news