Genetic testing company 23andMe has confirmed that hackers accessed nearly 14,000 customers’ accounts in a data breach.
“Upon learning of the incident, 23andMe immediately commenced an investigation and engaged third-party incident response experts to assist in determining the extent of any unauthorized activity,” it said in the filing.
Based on its investigation, it determined that hackers had accessed 0.1 percent of its customer base.
According to the company’s most recent annual earnings report, 23andMe has “more than 14 million customers worldwide,” which means 0.1 percent is around 14,000.
The information accessed by the threat actor varied by user account, and generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.
“We are working to remove this information from the public domain,” said the healthcare company. 23andMe was in the process of providing notification to users impacted by the incident as required by applicable law.
“While no company can ever eliminate the risk of a cyber attack, the company has taken certain steps to further protect its users’ data,” said 23andMe.
The company expects to incur between $1 million and $2 million in one-time expenses related to the incident during its fiscal third quarter. The company did not specify what that “significant number” of files is, nor how many of these “other users” were impacted.
