Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.
[…] about 5.5 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.
Well, that’s just great.
The article also says that hackers were selling the data for up to $10 per account.
Interestingly, 23&Me also just updated their terms of service a couple days ago too.
How is your system configured and protected so poorly that reusing passwords leaks half your user data?
Idk, but you would think they would have invested in a better system, especially because they’re handling sensitive data related to people’s health.
I wonder, does HIPPA apply to data collected by 23&Me? I would imagine so because it’s health related.
Hopefully HIPPA will be enough to actually force some punishment to the company.
Leaking half of the US populations’ SSNs wasn’t enough
How many times have 23andMe or Ancestry been hacked now?
I wonder if governments or insurance companies have hackers…