Genetic testing firm 23andMe investigated over hack

In the 23andMe data breach of October 2023, hackers gained access to personal information of 6.9 million people. The compromised data included information such as names, birth years, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and self-reported locations. It is important to note that the stolen data did not include DNA records.

Once the security breach was discovered, 23andMe took several actions to address the situation:

1. The company initiated an investigation to assess the incident and mitigate potential risks.
2. They engaged the assistance of third-party forensic experts.
3. 23andMe worked with federal law enforcement officials.
4. They reached out to their customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure.
5. Out of caution, 23andMe required all customers to reset their passwords and encouraged the use of multi-factor authentication (MFA).
6. The company temporarily disabled some features within the DNA Relatives tool as an additional precaution to protect the privacy of their customers.
7. 23andMe now requires all new and existing customers to login using two-step verification.
8. The company sent letters to customers who were affected by the incident, as required by law.

In addition to these actions, 23andMe is committed to providing a safe and secure place for their customers to learn about their DNA, knowing that their privacy is protected. They continue to invest in protecting their systems and data.