Connecticut AG seeks answers on 23andMe data breach that also exposed users of Asian descent
By Carl Samson
Connecticut Attorney General William Tong is seeking details from genetic testing company 23andMe after a data breach exposed sensitive personal information of more than 5 million users, including those of Chinese heritage.
What happened: Concerns over 23andMe’s security broke out earlier this month after hackers claimed possession of a million data points on Ashkenazi Jews. “Hundreds of thousands” of Chinese users were similarly compromised, as per Wired.
The stolen data reportedly include a user’s name, sex, birth year and some details on genetic ancestry. Each 23andMe profile was then sold for between $1 and $10.
23andMe’s response: 23andMe has since worked with federal authorities and third-party forensic experts to investigate the leak. According to the company, there has been no indication of a system breach; instead, the hackers appear to have gained access to accounts that reused login credentials from previously compromised websites.
The hackers may have also scraped more data through a feature called “DNA Relatives,” which allows 23andMe users to share their information for others to see. The company has advised customers to update their passwords and enable multi-factor authentication.
What Tong is asking: In his inquiry letter sent Monday, Tong informed 23andMe that the company has yet to submit a breach notification pursuant to the state’s corresponding statute. Under the law, the Attorney General must be notified of such a breach impacting Connecticut residents not later than 60 days after its discovery.
Tong also questioned 23andMe’s compliance with the state’s Data Privacy Act, which guarantees residents rights over their personal data and imposes privacy and security obligations on controllers and processors of such data. Additionally, he requested answers to multiple questions surrounding the data breach.
The Attorney General also explained why such a leak is especially dangerous at present. “The increased frequency of antisemitic and anti-Asian rhetoric and violence in recent years means that this may be a particularly dangerous time for such targeted information to be released to the public,” he noted.
Tong has given 23andMe until Nov. 13 to respond.
Share this Article
Share this Article