23andMe: Hackers gained access to data of 14,000 customers

The hackers who had access to the systems of the commercial DNA database 23andMe in early October were able to retrieve information from 0.1 percent of the users. That would correspond to 14,000 customers. Information about related accounts was also captured.

The company behind the commercial DNA database has in a letter provided more details to the US Securities and Exchange Commission about the data breach that occurred on October 10 this year. According to 23andMe, the hackers then gained access to the accounts by using customer usernames and passwords that had already been leaked during previous data breaches on other websites.

According to 23andMe, the hackers were able to capture customers’ personal information, such as family tree information, but also in some cases health information based on the DNA analysis of the users in question. The hackers are also said to have captured information about related accounts. This is the case with affected customers who also use the DNA Relatives service. Thanks to this function, DNA can be matched with potential relatives. It is not clear how many of the affected customers had signed up for this service.

Out an annual report from 23andMe from earlier this year it appears that the DNA database had more than 14 million customers in May. If 23andMe indicates that 0.1 percent of customers were affected by the data breach, this would mean that it concerns approximately 14,000 customers.

23andMe is an American company that has managed a commercial DNA database since 2006 and can provide customers with information about their origins, physical characteristics and risk of genetic disorders. Customers who want to use 23andMe’s services must send saliva to the company in a tube.

23andMe kit