A hacker has claimed to have stolen millions of "pieces of data" from the genetic testing website 23andMe. The data was advertised on an online forum cyber criminals use to promote and sell exfiltrated data.
In a statement responding to the news, 23andMe stated that while "customer profile information" had been accessed through individual accounts, the company itself had not been breached. The company added that the hacker may have used passwords stolen from other sites in an attempt to hijack 23andMe accounts, highlighting the danger of using the same password across multiple sites.
According to SC Media, the attacker obtained the full name, gender, and individual ancestry evaluation data belonging to users of Chinese and Ashkenazi Jewish descent.
In an update, Gizmondo reports that a class action lawsuit has been filed in California, accusing the company of lax cybersecurity practices that have placed customers at risk of fraud and identity theft.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.