Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

Data breach at 23andMe exposes sensitive user information, raises privacy concerns

Written by Kirsten Peremore | October 17, 2023

Hackers gained unauthorized access to sensitive user information in a data breach at the genetic testing company 23andMe.

 

What happened

The breach was discovered when hackers published a database containing data from approximately 1 million users, primarily individuals with Jewish ancestry. This database included display names, gender, birth years, and genetic ancestry results. The hacker also offered to sell data profiles, and as many as 7 million accounts are potentially at risk.

23andMe has responded by taking the breach seriously, launching an investigation, and working with third-party forensic experts and federal law enforcement officials. 

 

Why it matters

The 23andMe data breach is significant for several reasons. It exposes millions of individuals' highly sensitive genetic and personal information, potentially leading to privacy breaches and identity theft. The breach raises broader concerns about the security of genetic databases, demonstrating the risk of unauthorized access and misuse of such valuable and personal data. 

The targeting of individuals with Jewish ancestry also highlights a troubling potential connection to rising antisemitism. Stronger cybersecurity measures are needed within the genetic testing industry and in protecting personal data in consumer healthtech settings. 

 

What they're saying

23andMe has taken to its blog to address a few of the privacy concerns users might have relating to the data breach. The company states: "Our investigation continues and we have engaged the assistance of third-party forensic experts. We are also working with federal law enforcement officials.

We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure. Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA).

If we learn that a customer's data has been accessed without their authorization, we will notify them directly with more information."

 

The bigger picture

The breach reveals the vulnerabilities of genetic databases and the potential for malicious actors to exploit sensitive information, possibly fueled by bias or hate.
