News

23andMe notifies customers of DNA data breach

Genetics testing company 23andMe, has emailed customers to alert them to a data breach. The security violation involves the DNA Relatives feature that allows customers to compare ancestry information with other users. The compromised data includes:

Millions of customers could be affected, but 23andMe has not offered victims any credit monitoring or identity protections following the breachInstead, the company has encouraged users to strengthen their passwords and enable multi-factor authentication.   

Victims of the 23andMe data breach are at risk

Following the hack, customers of 23andMe have taken to social media to share concerns that their sensitive data could be used against them. These worries are not unfounded because the hackers are now offering the assembled genetic information of thousands of people for sale on the dark web. According to media reports, this includes sale lists for people with Chinese and Ashkenazi Jewish ancestry, leading to concerns over how this data could be used. 

How did the data breach happen?

Unlike in other high-profile data breaches, on this occasion the hackers did not target the company’s servers. Instead, they targeted hundreds of individual user accounts using login credentials from previously compromised websites. This technique is called ‘credential stuffing’. After gaining access to some user accounts, the hackers then leveraged DNA matches to obtain information about thousands of other people.

Concerningly, 23andMe also stores genetic information about the relatives of some of its users, even if these relatives didn’t send a sample or consent to any data collection. As such, the ramifications of this breach could be considerable.

Claim compensation for the 23andMe data breach

In the wake of the 23andMe data breach, several actions have been launched in the US against the genetic testing company. Complaints include negligence, invasion of privacy, breach of contract, unjust enrichment, and other claims. There are also allegations that 23andMe’s response to the hack was deficient.  

We are investigating this incident to find out how it affects users and their relatives in England & Wales. If you receive notification of your involvement in this breach, sign up below to join our no-win, no-fee action and receive updates on this case.  

Connor Taylor

Recent Posts

What is a Group Litigation?

Group litigation serves as a vital tool in the English legal system, empowering individuals to… Read More

7 days ago

How to Protect Your Personal and Financial Data in the Digital Age

In today’s world, cybercriminals are getting smarter, and their tactics are constantly evolving. If you’re… Read More

2 weeks ago

Why Personal Data is so valuable to criminals

In today’s digital world, personal data has become one of the most valuable commodities—especially for… Read More

1 month ago

Understanding Data Breaches and Their Impact on You

In today's digital landscape, safeguarding personal information is more critical than ever. A data breach… Read More

2 months ago

Data Privacy Week 2025: Key Trends and Priorities

Individuals are facing new challenges in the world of data privacy and security. With the… Read More

2 months ago

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

10 months ago