The data watchdogs of the UK and Canada will investigate genetic testing company 23andMe over a data breach in October 2023.
Hackers gained access to personal information of 6.9 million people, which in some cases included family trees, birth years and geographic locations, by using customers’ old passwords.
One of the things the joint taskforce will investigate is whether adequate safeguards had been put in place to protect such data. “We intend to cooperate with these regulators’ reasonable requests,” 23andMe said in a statement.
The data stolen in October did not include DNA records.
The company was not hacked itself - but rather criminals logged into about 14,000 individual accounts, or 0.1% of customers, by using email and password details previously exposed in other hacks.
This would be different from a hack which leaked information about Ashkenazi Jews in specific. Apparently no one gives a shit about that one.
All I can say is I’m glad I never gave them my DNA.
Me too. Thought about it at one point, then remembered the shitty way the pharmaceutical system treated Henrietta Lacks and her heirs.
I’m relatively sure that’s from the same incident
If so, the article really did not make that clear.
So… it’s a hack, but it’s not been hacked?
Come the fuck on, BBC, you can do better.
From what I’ve heard people got their accounts at random other companies/ services hacked, their emails and passwords were posted/ sold online, and then the hackers bought them and tried entering them into 23andMe which succeeded for a number of users who use the same creds across services. I agree the article could have been clearer, but it does seem like a meaningful distinction to me that 23andMe itself didn’t get hacked
“Genetic testing firm 23andMe investigated over incident where scammers stole 14,000 accounts to get data” seems unnecessary.
I think that “hack” works.
In the same way that “my Instagram account got hacked”
Thank God I only leave my DNA on door handles.