Recent News Articles

23andMe Says Health Data Was Included in Hack That Compromised 6.9 Million Users

6 Dec 2023 11:07 AM | Anonymous

Some 6.9 million 23andMe customers had their data compromised after an anonymous hacker accessed user profiles and posted them for sale on the internet earlier this year, the company said on Monday.

The compromised data included users’ ancestry information as well as, for some users, health-related information based on their genetic profiles, the company said in an email.

Privacy advocates have long warned that sharing DNA with testing companies like 23andMe and Ancestry makes consumers vulnerable to the exposure of sensitive genetic information that can reveal health risks of individuals and those who are related to them.

In the case of the 23andMe breach, the hacker only directly accessed about 14,000 of 23andMe’s 14 million customers, or 0.1%. But on 23andMe, many users choose to share information with people they’re genetically related to — which can include distant cousins they have never met, in addition to direct family members — in order to learn more about their own genetics and build out their family trees. So through those 14,000 accounts, the hacker was able to access information about millions more. A much smaller subset of customers had health data accessed.

Users can choose whether to share different kinds of data, including name, location, ancestry and health information such as genetic predisposition to conditions such as asthma, anxiety, high-blood pressure and macular degeneration.

The exposure of such information could have concerning ramifications. In the US, health information is typically protected by what’s known as the Health Insurance Portability and Accountability Act, or HIPAA. But such protections only apply to health-care providers.

You can read more in an article by Kristen V. Brown published in the Mercury News at: https://tinyurl.com/4zsuw8hc.

Comments

  • 7 Dec 2023 8:09 AM | Anonymous
    Note that the breach was not 23andMe's fault. It was caused by customers re-using the same password on more than one site.

    Every account needs its own distinct password. Use a password manager, and record passwords manually in a old-fashioned three-ring binder with alphabetic tabs.
    Link  •  Reply
    • 7 Dec 2023 11:01 AM | Anonymous
      This is actually untrue, as my passwords for all sites I log into are completely unique. However 23andMe did notify me that my data was compromised. They did not offer an explanation for this discrepancy, only that the would “look into it”. I never heard another word from them.
      Link  •  Reply

Eastman's Online Genealogy Newsletter









































Powered by Wild Apricot Membership Software