If you’re one of the millions of customers who submitted to a DNA ancestry test with 23andMe, your data may have been hacked.
Health :
Like Ancestry.com, 23andMe is one of the many companies now providing ethnic tracing and heritage history for a small fee. For a few years now, customers have spit into a vial, mailed in their DNA sample, and then found out all sorts of valuable information about their family tree, relatives they never knew they had, and more.
It was all fun and games until recently when 23andMe announced that they had been hacked — and that private identifiers and other data for their 14 million customers had been compromised and likely available on the dark web.
According to The Washington Post, a hacker gained access to sensitive customer data via a credential-stuffing attack. The hacker then appeared in an online forum last week and offered to sell the names, locations, and ethnicities of millions of 23andMe users. Interestingly, the hacker appeared to specifically target people of Jewish ancestry.
So what could someone do with knowledge of your specific genetic code? Plenty!
“You can imagine scenarios where unsavory people could try to use this stuff in personal ways,” said Dr. Robert Green, director of the Genomes to People at Harvard University. “If there were variants that put someone at risk for Alzheimer’s disease and you were vying with that person in a corporation for a job, you could somehow try to use that information to suggest that they might be unfit. You could be in a custody battle where DNA could suggest there’s a predisposition to psychiatric illness, for example.”
Since the type of information that genetic testing companies collect is currently unprotected by America’s Health Insurance Portability and Accountability Act (HIPAA), it’s understandable for anyone who submitted to a DNA test to be concerned.
In fact, for those who are concerned that their data may have been compromised, the company has issued a few suggestions:
- All 23andMe users should promptly reset their passwords to something they’ve never used before on other sites, as well as turn on two-factor authentication.
- You can ask 23andMe and other genetic testing companies to delete some of the information they’re storing on you. If you live in a state with a comprehensive privacy law, such as California, Virginia, or Colorado, the company is required to do so.
- Additionally, if you haven’t already, think twice before sharing genetic information. Sharing your genetics with a DNA database puts you at greater risk of botched criminal procedure, discrimination from insurance companies and employers, and targeted attacks such as blackmail, privacy experts say.
Granted, knowing your full family history is a beautiful life-changer for many. However, the risks of handing out your DNA for any reason can never be overlooked.
OK WASSUP! covers Health News:
The 23andMe data breach and what you can do.
I did not use the 23 and me but I did use Ancestry. I wonder if that is a problem too.