The DNA data of seven million users has been breached in a hack on Silicon Valley-based genetic testing company 23andMe, as confirmed by the company to TechCrunch.
23andMe analyses saliva samples sent in by users for genetic testing.
In a filing on 1 October, 23andMe first confirmed that a bad actor had claimed online to have the DNA data of its customers. The company stated that it immediately launched an investigation into the claim using third-party incident response experts.
After this initial investigation, 23andMe concluded that only 0.1% of its user base had been breached and stated that only accounts on its site that had used the same password as others had been accessed.
However, more than this initial number of accounts had been breached in this hack because of 23andMe’s Relative Finder feature.
This opt-in feature allows users to see accounts of other people who have similar genealogy and therefore may be related.
The data breached includes personal details such as location, date of birth and genetic relationship to other 23andMe users.
In a statement released on its website, which has since been taken down, 23andMe reaffirmed that it took cybersecurity seriously and recommended that its customers change their account passwords and enable multifactor authentication. An archival screenshot of this statement can be found here.
Research company GlobalData forecast that cybersecurity budgets would decline in 2023.
In its thematic intelligence report into cybersecurity, GlobalData reported that mass layoffs in the tech sector would have a knock-on effect on cybersecurity firms and budgets, potentially leaving companies at higher risk of attack.
The company also forecast that state-sponsored cyberattacks would increase in 2023 and 2024 due to rising geopolitical tensions.
Whilst this has not been confirmed in the case of 23andMe, the hacker who originally posted 23andMe users’ data for sale online specified that the stolen data contained information from Ashkenazi Jews and people of Chinese descent, according to reports from Wired.
Speaking to Wired, Brett Callow, a threat analyst at cybersecurity firm Emsisoft, stated that the hacker’s choice to display user ethnicity may not confirm the attack was motivated by race or ethnicity.
“When data is shared relating to ethnic, national, political or other groups, sometimes it’s because those groups have been specifically targeted, but sometimes it’s because the person sharing the data thinks it’ll make reputation-boosting headlines,” Callow stated.
New research released today (6 December) by Aviva suggests that one in five businesses in the UK has been a victim of a cyberattack this year alone, with loss of data the biggest potential threat named by businesses.
By 2030, GlobalData predicts that cybersecurity revenues will reach over $344bn globally.