An estimated 6.9 million customers of the genetic testing firm 23andMe had their private info stolen by hackers in a current information breach, an organization spokesperson confirmed to The Hill on Monday.
A spokesperson for 23andMe advised The Hill an estimated 5.5 million customers had their information accessed from the corporate’s DNA Family function, which helps customers discover and join with household kinfolk who even have the function enabled.
Hackers additionally breached the information of a further 1.4 million folks’s household tree profiles, which incorporates a wide range of figuring out details about the consumer, the spokesperson stated.
TechCrunch first reported the estimated 6.9 million customers impacted within the breach.
23andMe first introduced the information breach in early October and stated each third-party forensic consultants and federal legislation enforcement officers have been aiding within the investigation.
Final Friday, the corporate stated the investigation was full, and filed findings with the U.S. Securities and Alternate Fee.
Within the findings, the corporate stated hackers have been in a position to entry 0.1 p.c of the corporate’s consumer information, which the corporate known as a “very small share.” The spokesperson confirmed Monday this equals about 14,000 customers.
Hackers have been in a position to entry accounts in situations the place usernames and passwords that have been used on the 23andMe web site matched these used on different web sites that have been beforehand compromised, based on the spokesperson.
The spokesperson added the hackers used this info to entry the DNA Family profile recordsdata and Household Tree profile info.
“We would not have any indication that there was a breach or information safety incident inside our techniques, or that 23andMe was the supply of the account credentials utilized in these assaults,” the spokesperson famous.
The corporate final Friday stated it has “taken steps” to guard consumer information, together with asking current shoppers to reset their password and imposing a two-step verification technique for each new and current customers.
Following 23andMe’s preliminary announcement of the information breach in October, Connecticut State Lawyer Basic William Tong requested further info on the incident, which he alleged focused the information of people with Ashkenazi Jewish and Chinese language heritage.
Tong claimed the hack led to the sale of not less than a million information profiles with Ashkenazi Jewish heritage on the unlawful market and that one other leak uncovered information associated to a whole lot of 1000’s of individuals with Chinese language ancestry.
On the time, a 23andMe spokesperson advised The Hill its investigation recommended “risk actors have been in a position to entry sure accounts in situations the place customers recycled login credentials.”
The Hill reached out the Connecticut state legal professional common’s workplace and 23andMe for an replace on Tong’s inquiry.
Copyright 2023 Nexstar Media Inc. All rights reserved. This materials is probably not revealed, broadcast, rewritten, or redistributed.