American genetic testing company 23andME has provided more information on a data breach they suffered. The company has disclosed to the SEC that hackers accessed 0.1% of its user base, estimated to be around 14000 accounts. However, the hackers were able to take advantage of the company’s DNA Relatives feature to access information beyond the initial number of accounts breached. According to Engadget, ‘DNAR profiles of roughly 5.5 million customers were accessed and Family tree profile information from 1.4 million DNAR participants'. This raises an important question about data privacy, especially since DNA is the most important and potentially dangerous data there is.
Discover our latest podcast
What information was leaked?
The leaked data contained the names of customers, the names of their family members, locations, shared DNA, ancestry reports, and birth years.Having an email address or phone number leaked on the dark web is a scary thought, so it is quite jarring to think that genealogy and DNA data will forever be floating around that mysterious network. The company did say that no genetic testing had leaked but this breach creates a precedent that should cause any potential client to weigh if getting the benefits of genetic testing are worth the potential hassle of such important information getting into the hands of anyone with nefarious intentions. Furthermore, while the leaked information may have limited potential to be damaging, what happens in the future if technology advances and one’s DNA becomes of even more importance? Could this leak have unforeseen repercussions in a technological future we don’t yet understand? It is important to think very carefully about such questions before voluntarily providing one’s DNA to private companies.
What measures were taken to protect customers?
After 23andME discovered they were compromised they instructed their customers to change their passwords, introduced two-factor authentication and started an investigation which concluded that the vulnerability in their system was neutralized. The company also informed everyone whose information was compromised and is now working on taking the leaked information down. However, it seems that despite their best efforts it will be a difficult undertaking as once something reaches the internet it can be quite a daunting task to scrub every trace of it from the network. As such, let this be a lesson on data protection for both companies and customers alike as attacks such as this have continued to see an incremental increase, thus one should do their best to protect themselves at all times.
Read more:
⋙ Google users: This common mistake could expose your password to hackers
⋙ Think your phone may have been hacked? Here's how to tell
⋙ iPhone and Mac users: Hackers could get ‘full admin access to your device’
Sources:
Endgadget: 23andMe hackers accessed ancestry information on millions of customers using a feature that matches relatives
Washington Post: Who hacked our DNA — and why?