Healthcare company 23andMe admits hackers accessed customers' data

San Francisco, Dec 3 (IANS): Genetic testing company 23andMe has confirmed that hackers accessed nearly 14,000 customers' accounts in a data breach.

"Upon learning of the incident, 23andMe immediately commenced an investigation and engaged third-party incident response experts to assist in determining the extent of any unauthorised activity," it said in the filing.

Based on its investigation, it determined that hackers had accessed 0.1 per cent of its customer base.

According to the company's most recent annual earnings report, 23andMe has "more than 14 million customers worldwide," which means 0.1 per cent is around 14,000.

The information accessed by the threat actor varied by user account, and generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user's genetics.

"We are working to remove this information from the public domain," said the healthcare company. 23andMe was in the process of providing notification to users impacted by the incident as required by applicable law.

"While no company can ever completely eliminate the risk of a cyber attack, the company has taken certain steps to further protect its users' data," said 23andMe.

The company expects to incur between $1 million and $2 million in one-time expenses related to the incident during its fiscal third quarter. The company did not specify what that "significant number" of files is, nor how many of these "other users" were impacted.



Top Stories

Leave a Comment

Title: Healthcare company 23andMe admits hackers accessed customers' data

You have 2000 characters left.


Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will be held responsible.