Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Genetic testing. Show all posts
sale concerns
23andMe ancestry testing Cybersecurity Data Breach data deletion DNA privacy financial decline Genetic Data Genetic testing HIPAA Personal Data privacy policies sale concerns

23andMe Faces Uncertainty After Data Breach

 

DNA and genetic testing firm 23andMe is grappling with significant challenges following a 2023 data breach and its ongoing financial downturn. Once a leader in the industry, the company now faces an uncertain future as it considers going private, raising concerns about the security of genetic data for its 15 million customers.

Known for its saliva-based genetic ancestry tests, 23andMe has seen its market value plummet by over 99% since its $6 billion high in 2021, largely due to unprofitability. This lack of profit is attributed to declining consumer interest in its one-time-use test kits and sluggish growth in its subscription services. Compounding these issues was a lengthy data breach in 2023, where hackers stole genetic data from nearly 7 million users. In September, the company agreed to pay $30 million to settle a lawsuit related to the breach.

Shortly after the settlement, 23andMe CEO Anne Wojcicki mentioned the possibility of third-party takeover offers but later clarified her intent to take the company private. The initial statement, however, led to the immediate resignation of the company's independent board members, amplifying concerns about the future handling of customer data.

Many customers may assume their genetic data is protected by health privacy laws, but 23andMe is not bound by the Health Insurance Portability and Accountability Act (HIPAA). Instead, the company follows its own privacy policies, which it can alter at any time. According to a company spokesperson, 23andMe believes its data management practices are more appropriate and transparent compared to the traditional healthcare model under HIPAA.

The lack of strict federal oversight and varying state privacy laws means that in the event of a sale, the genetic data of millions could be up for grabs. Wojcicki has signaled a shift in the company's business strategy, halting costly drug development programs to focus on monetizing its customer data for pharmaceutical research.

While 23andMe asserts its data privacy policies would remain unchanged even if sold, privacy advocates have raised alarms. The Electronic Frontier Foundation (EFF) has warned that selling the company to entities with law enforcement ties could lead to misuse of sensitive genetic information.

For those concerned about the future of their data, 23andMe allows users to delete their accounts, though some data may still be retained under legal and compliance requirements.
Read more »
User Information
23andMe ancestry files Cybersecurity Data Breach Data protection Genetic testing hacker access Online Privacy User Information

23andMe Reports Hackers Accessed "Significant Number" of Ancestry Files

 

Genetic testing company 23andMe declared on Friday that approximately 14,000 customer accounts were compromised in its recent data breach. In an updated submission to the U.S. Securities and Exchange Commission, the company revealed that its investigation determined the breach affected 0.1% of its customer base, equivalent to around 14,000 individuals out of its reported 14 million worldwide customers.

The hackers not only gained access to these accounts but also managed to retrieve "a significant number of files" containing profile information related to other users' ancestry who had opted into 23andMe's DNA Relatives feature. The company refrained from specifying the exact number of impacted files or users in this category.

Despite requests for clarification on these figures, 23andMe did not immediately respond to inquiries. The data breach, disclosed in early October, utilized the "credential stuffing" method, where hackers exploit a known password obtained from a previous data breach to infiltrate a victim's account.

The repercussions extended beyond the initially compromised accounts due to 23andMe's DNA Relatives feature, allowing hackers to access personal data of individuals connected to the primary victim. The stolen data for the initial 14,000 users generally included ancestry information and, for a subset, health-related information based on genetics. For the other subset, 23andMe mentioned the theft of "profile information" without specifying the details.

Upon analyzing the stolen data, TechCrunch found similarities with known public genealogy records, raising concerns about the exposure of sensitive user and genetic information. 

The data breach first surfaced in October when hackers advertised alleged data from one million Jewish Ashkenazi descent users and 100,000 Chinese users on a prominent hacking forum. Subsequently, the same hacker offered records of an additional four million people for sale.

A separate hacker, reported two months earlier, claimed to possess 300 terabytes of stolen 23andMe user data, seeking $50 million for the entire database or offering subsets for amounts ranging from $1,000 to $10,000. In response to the breach, 23andMe enforced password resets on October 10 and urged users to enable multi-factor authentication. By November 6, the company mandated two-step verification for all users. Following 23andMe's breach, DNA testing companies Ancestry and MyHeritage also implemented mandatory two-factor authentication.
Read more »
Subscribe to: Posts (Atom)