Incident Details
By the end of 2023, 23andMe, a genetic testing company, acknowledged a breach where customer data was exposed online. Approximately 5.5 million customers' DNA Relatives profile details and 1.4 million DNA Relative participants' Family Tree profile information were accessed by malicious actors. The unauthorized access to customer accounts began in April 2023 and persisted for several months until September 2023, when the breach was uncovered by the company.
Incident
How Did the Breach Happen?
The hackers successfully breached customer accounts, allowing them to access DNA Relatives and Family Tree profile details.
What Data has been Compromised?
Approximately 5.5 million customers had their DNA Relatives profile information breached by hackers, along with the Family Tree profile information of 1.4 million DNA Relative participants.
Why Did the company's Security Measures Fail?
The security protocols of the company were not successful in identifying and stopping the unauthorized entry into customer accounts, leading to a data breach.
What Immediate Impact Did the Breach Have on the company?
The security breach led to customer data being compromised and a decrease in customer confidence. 23andMe had to allocate resources towards examining and resolving the breach, which could have affected their functioning and credibility.
How could this have been prevented?
Enhanced security measures like multi-factor authentication and ongoing monitoring systems could have averted the breach.
What have we learned from this data breach?
The significance of strong cybersecurity practices, frequent security evaluations, and swift identification and handling of potential breaches is underscored by this data security incident.
Summary of Coverage
During the year 2023, 23andMe encountered a security incident in which unauthorized individuals were able to access the DNA Relatives and Family Tree profile details of numerous customers. This breach remained unnoticed for a prolonged period, resulting in a decline in customer confidence and highlighting the necessity for enhanced cybersecurity protocols moving forward.