Cyber Attack On 23andMe impacts Five Million Customers

Schubert Jonckheer & Kolbe LLP today launched an investigation into 23andMe, a leading genetic-testing company, concerning a cyberattack involving customers' sensitive personal information. Sources said. A company spokesperson said the hackers gained access to some customer accounts through reused passwords.

According to news reports, an attack on 23andMe's user data occurred on August 11, 2023. The hacker claimed to have obtained 300 terabytes of data that they intended to sell. In early October 2023, user data misappropriated in the incident appeared for sale on a hacking forum, including information from "one million 23andMe users of Jewish Ashkenazi descent and 100,000 23andMe Chinese users." The data includes personal information like name, sex, birth year, and some details about genetic ancestry results.

On October 6, 2023, 23andMe acknowledged that certain "customer profile information" which was shared through its "DNA Relatives" feature had been released. Later in October, the same hacker released an additional dataset of 23andMe user information concerning four million customers descended from Great Britain, including data from "the wealthiest people living in the U.S. and Western Europe on this list." Together, more than five million 23andMe customers may be impacted by the August 2023 cybersecurity incident.

Genetic testing company 23andMe said Monday that hackers were able to access the data of about 6.9 million people, far more than the company previously acknowledged. The hackers were then able to exploit some 23andMe features that give users significant information about each other.

As per NBC News, DNA Relatives lets users who may be distantly related see significant user information about each other, including their ancestry, DNA information, ZIP code, birth year and family member names, among other information. Through those tactics, the hackers were able to see profile information of about 6.9 million DNA Relatives users, nearly half of the roughly 14 million people who have enrolled in the program.

Connecticut's Attorney General has opened an inquiry into the matter. The Attorney General's October 30, 2023 letter to 23andMe notes that the "increased frequency of antisemitic and anti-Asian rhetoric and violence in recent years means that this may be a particularly dangerous time for such targeted information to be released to the public."