Privacy issues have come into the spotlight once again with a significant data breach incident at 23andMe, the leading genetic testing company.
We recently reported that the company acknowledged that a security breach had compromised the personal data of about 14,000 customers. In what seemed to be a ripple effect, the hackers gained access to “a substantial amount of files with ancestral profile information of additional users.”
However, despite the serious nature of the breach, the extent of the damage was not fully disclosed by the company earlier in October when the breach came to light.
The situation is actually even worse. As TechCrunch reported, the magnitude of the breach became starkly clear when, on Saturday, 23andMe spokesperson Katie Watson revealed to TechCrunch that close to 7 million users had had their data exposed in the breach—far beyond the 14,000 initially reported.
Watson confirmed that the breach involved the personal details of approximately 5.5 million users who had consented to participate in 23andMe’s DNA Relatives feature. The compromised data included users’ names, birth years, relationship labels, percentage of shared DNA with relatives, ancestral reports, and self-reported locations.
Watson further added that an audience of approximately 1.4 million, who had also opted for the DNA Relatives feature, found their Family Tree profile info subject to unauthorized access.
Without revealing specific numbers, Watson alluded that this illicit access encompassed details such as display names, birth years, self-reported locations, relationship labels, and disclosure preferences of the users. The company claimed that some parts of the email were “on background,” insinuating pre-agreed terms between both parties. However, TechCrunch decided to print the reply, having been given no opportunity to dismiss these conditions.
In early October, an individual claiming to be the hacker announced on a popular hacking forum that they had successfully stolen DNA information of 23andMe’s users. They displayed purloined data of a million users of Ashkenazi Jewish heritage and 100,000 Chinese users, pricing the data between $1-$10 per account. Nearly two weeks later, yet another alleged steal of 4 million records was promoted by the same hacker on the same platform.
Interestingly, TechCrunch uncovered that another hacker on a different forum had advertised an alleged dataset of stolen 23andMe customer data almost two months prior to the publicly disclosed advertisement.
If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.