Silvia Flores

DNA company '23andMe' hacked.

Genetics testing company 23andMe (ME.O) has sent notices to numerous customers informing them of an intrusion into the "DNA Relatives" feature, which allowed users to compare ancestry information with other users around the world.


After a hacker claimed to have acquired millions of "data units" stolen from 23andMe and posted the information on an online forum earlier this month, the company announced that it is working with federal law enforcement agencies and forensic experts to investigate.


23andMe told its customers that the breach involved one or more accounts linked to theirs through the "DNA Relatives" feature. This feature lets users worldwide connect with one another and share personal data, including relationship labels, ancestry records, DNA segment comparisons, geographical data, birth years, family names, and other related information.


The communication from the company declared, "Unauthorized access was gained to one or more 23andMe accounts that were connected to you through DNA Relatives. Consequently, the profile information in the DNA Relatives feature, which you had provided, has been exposed to a threat actor."


23andMe specializes in genetic testing services that help individuals gain insight into their ancestral lineage. Since the breach was disclosed, numerous customers have voiced concerns about the potential misuse of their ethnic background and other sensitive data should it become publicly available. In response to the security breach, a U.S. legislator sought further clarification regarding the incident.


While various customers have reported receiving the notification via social media platforms, the precise number of customers notified of the breach remains undisclosed. In response to inquiries, 23andMe spokeswoman Katie Watson declined to comment, citing the ongoing investigation. She directed interested parties to a blog post published by the company on October 20, which announced the temporary suspension of certain functions within the "DNA Relatives" feature as a measure to safeguard user privacy.


From a legal perspective, 23andMe's response to the security breach in its 'DNA Relatives' feature has several key implications and potential legal consequences:

  1. Data Privacy Laws: The breach may trigger legal obligations under data privacy laws, both at the state and federal levels. Depending on the nature and extent of the data exposed, the company may need to comply with various state data breach notification laws and federal regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) if medical information was involved.

  2. Liability and Damages: 23andMe may face potential liability for the breach, including lawsuits from affected customers seeking damages for any harm suffered as a result. Customers who can demonstrate harm, such as identity theft or financial losses, may have grounds to pursue legal action.

  3. Regulatory Investigations: Federal law enforcement agencies and forensic experts are involved in the investigation, which indicates potential regulatory scrutiny. The company may need to cooperate with these authorities and address any regulatory concerns or violations that are identified during the investigation.



