Introduction
Are you familiar with the ancestry and biotechnology service, 23andMe? More than 14M people around the world use their website!
In December 2023, 23andMe confirmed a data breach that affected 6.9 million users. Hackers accessed data including names, birth years, relationship labels, DNA shared percentages, ancestry reports, and self-reported locations. This means for over half of 23andMe’s customers, some personal information was compromised.
What Happened?
When a breach like this occurs, it’s important to first find out what data was accessed. If you opted into the DNA Relatives feature, for example, then hackers could potentially access information about your ancestry and relatives. For some users, health data was also compromised.
If you use 23andMe, or ever have, then find out ASAP if you were affected! Check your email for any notifications from the service; they contacted affected users directly about this compromise. You can also log in to your account and see if there’s any information about the breach.
As for the potential fallout to the victimized users, this exposed data could be used for various malicious purposes. Consider what kind of personal details a DNA website requires.
- Identity theft: Information like your name and birth year can be used to open fraudulent accounts.
- Genetic discrimination: Employers or insurance companies might misuse your genetic data to discriminate against you.
- Targeted advertising or scams: You might receive unwanted marketing or phishing attempts based on your ancestry or health information.
Data leaks like this could be a simple annoyance or a serious threat to your personal safety.
If You’ve Been Affected
What should you do if your data has been exposed either in this particular data breach, or one just like it?
- Change your password: Use a strong, unique password for your 23andMe account and other online services.
- Review your privacy settings: Limit the information you share on 23andMe and other platforms.
- Be cautious of suspicious emails or calls: Don’t click on links or share personal information unless you’re sure it’s legitimate.
- Monitor your accounts: Watch for any unusual activity on your bank accounts, credit cards, or other online services.
- Consider reporting the breach: If you believe your data was compromised, you can report it to the authorities or a data breach reporting service.
Often, the company whose data was targeted will share resources and updates regarding the leak, especially if your PII was involved in the cyber-event. Keep an eye on your messages, and your credit report, to see if any suspicious activity pops up that requires immediate intervention.
Conclusion
Remember, staying informed and taking proactive steps can help mitigate the risks associated with this data breach…and any others that might involve your PII in the future. Threat actors are more active than ever, developing brand-new tools and tactics for stealing your personal information. Staying educated and vigilant is your best defense for data privacy!
If you do get an alert that your data has been involved in a breach, notify your IT team immediately! They should be able to use Dark Web Monitoring software and tools like Risk Assessments to determine the security of your network and systems moving forward. As always, your best offense in cybersecurity is a good defense!
References