South San Francisco-based human genetics company, 23andMe, has revealed that the profile information of some of its customers has been accessed without their permission by a third party. The company made this announcement in a regulatory filing on Tuesday.
According to 23andMe, there is currently no evidence of a data security incident within their own systems. Furthermore, the company states that there is no indication that they were the source of the credentials used in the cyberattack. It is believed that a third party was able to access customer accounts due to some users using the same usernames and passwords on other websites which had previously experienced security breaches.
The accessed information is user-generated and can be shared through 23andMe's DNA Relatives feature. The company is taking immediate action to mitigate the impact of the incident and is conducting a thorough investigation into the extent of the attack. To aid in this investigation, 23andMe has enlisted the help of forensic experts.
At this time, the company is unable to estimate the costs associated with this incident. They assure customers that they are working diligently to resolve the issue and strengthen their security measures.
by Ben Glickman