Reuters reports that major U.S. biotechnology and genetic testing firm 23andMe has begun notifying its customers regarding a breach involving its "DNA Relatives" feature, which enabled data sharing for users around the world, after millions of data stolen from the company were exposed by a threat actor.
"There was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives. As a result, the DNA Relatives profile information you provided in this feature was exposed to the threat actor," said 23andMe in breach notification letters.
Such an incident, which was initially attributed by 23andMe to credential stuffing attacks, has prompted the temporary deactivation of certain DNA Relatives functionality, according to 23andMe spokesperson Katie Watson, who did not provide further details regarding the number of customers who have been informed regarding the compromise due to ongoing investigation.
Details regarding the data leak have also been sought by Senate Health, Education, Labor, and Pensions Committee Ranking Member Bill Cassidy, R-La.
Privacy, Incident Response, Security Staff Acquisition & Development
Data breach notifications sent to 23andMe customers
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds