23andMe, the genetic testing company with over 14 million customers, has recently announced a data breach that affected approximately 14,000 customer accounts. The breach allowed hackers to access files containing profile information about users’ ancestry, which was shared through 23andMe’s DNA Relatives feature.
The company’s new filing with the US Securities and Exchange Commission provided additional details on the incident. An immediate investigation was conducted to find the threat actor, who claimed to have accessed 23andMe users’ profile information. 23andMe engaged third-party incident response experts to assess the extent of unauthorized activity. The compromised accounts contained varying information, including ancestry details and, for a subset, health-related information based on genetics.
To mitigate the impact, 23andMe said it is currently working to remove the leaked information from the public domain and has taken steps to enhance user data protection, including a mandatory password reset for all users and the implementation of two-step verification for new and existing users.
The financial implications of the breach are estimated to result in one-time expenses between $1 million and $2 million. These expenses cover technology consulting services, legal fees, and third-party advisor costs. The breach has also led to multiple class-action claims against 23andMe in various jurisdictions.
“23andMe is in the process of providing notification to users impacted by the incident as required by applicable law. While no company can ever completely eliminate the risk of a cyber attack, the Company has taken certain steps to further protect its users’ data,” the company said in the filing.
Currently, the full extent of the costs and impacts, including the availability of insurance coverage, remains uncertain. The company is defending these cases and is committed to updating information as required by applicable law. While 23andMe believes its investigation into the matter is complete, it acknowledges the possibility of new information emerging.
I have over 10 years of experience in the cryptocurrency industry and I have been on the list of the top authors on LinkedIn for the past 5 years. I have a wealth of knowledge to share with my readers, and my goal is to help them navigate the ever-changing world of cryptocurrencies.