Some 6.9 million 23andMe customers had their data compromised after an anonymous hacker accessed user profiles and posted them for sale on the internet earlier this year, the company said on Monday.
The compromised data included users’ ancestry information as well as, for some users, health-related information based on their genetic profiles, the company said in an email.
Privacy advocates have long warned that sharing DNA with testing companies like 23andMe and Ancestry makes consumers vulnerable to the exposure of sensitive genetic information that can reveal health risks of individuals and those who are related to them.
In the case of the 23andMe breach, the hacker only directly accessed about 14,000 of 23andMe’s 14 million customers, or 0.1%. But on 23andMe, many users choose to share information with people they’re genetically related to — which can include distant cousins they have never met, in addition to direct family members — in order to learn more about their own genetics and build out their family trees. So through those 14,000 accounts, the hacker was able to access information about millions more. A much smaller subset of customers had health data accessed.
Users can choose whether to share different kinds of data, including name, location, ancestry and health information such as genetic predisposition to conditions such as asthma, anxiety, high-blood pressure and macular degeneration.
The exposure of such information could have concerning ramifications. In the US, health information is typically protected by what’s known as the Health Insurance Portability and Accountability Act, or HIPAA. But such protections only apply to health-care providers.
You can read more in an article by Kristen V. Brown published in the Mercury News at: https://tinyurl.com/4zsuw8hc.