Genetic testing company 23andMe says a recent security breach has impacted nearly seven million of its users.
23andMe confirmed last week during a regulatory filing with the US Securities and Exchange Commission that hackers had gained access to the personal data of about 14,000 users in a breach that occurred in October, according to Tech Crunch.
The company also noted this allowed hackers to gain access to the accounts of a “significant number of files” that contained the personal information of other users.
23andMe revealed soon after that 6.9 million of its users had been impacted in total.
In a statement to Daily Hive, a 23andMe spokesperson said that the 14,000 accounts the “threat actors” accessed was a small percentage (0.1%) of its user accounts.
The hackers gained access to these accounts “in instances where usernames and passwords that were used on the 23andMe website were the same as those used on other websites that had been previously compromised or were otherwise available,” stated the spokesperson.
23andMe noted that through these 14,000 accounts, the hackers were able to access nearly 5.5 million DNA relative profile files, which include information such as display name, predicted relationships, and percentage of DNA shared with matches.
About 1.4 million customers participating in the DNA Relatives feature had their Family Tree profile information accessed, which is made up of a limited subset of DNA Relatives profile information.
“Of note, we do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks,” stated the 23andMe spokesperson.
The company is working on notifying affected customers and said it’s taking steps to protect customer data via password resets and two-step verification.
A class action lawsuit has also been filed against the company in response to the October leak.