Connecticut AG seeks answers on 23andMe data breach that also exposed users of Asian descent


Connecticut Attorney General William Tong is seeking details from genetic testing company 23andMe after a data breach exposed sensitive personal information of more than 5 million users, including those of Chinese heritage.

What happened: Concerns over 23andMe’s security broke out earlier this month after hackers claimed possession of a million data points on Ashkenazi Jews. "Hundreds of thousands" of Chinese users were similarly compromised, as per Wired.

The stolen data reportedly include a user’s name, sex, birth year and some details on genetic ancestry. Each 23andMe profile was then sold for between $1 and $10.

23andMe’s response: 23andMe has since worked with federal authorities and third-party forensic experts to investigate the leak. According to the company, there has been no indication of a system breach; instead, the hackers appear to have gained access to accounts that reused login credentials from previously compromised websites.

Trending on NextShark: Ex-UCLA gymnastics star Katelyn Ohashi faces backlash for Halloween costume

The hackers may have also scraped more data through a feature called “DNA Relatives,” which allows 23andMe users to share their information for others to see. The company has advised customers to update their passwords and enable multi-factor authentication.

What Tong is asking: In his inquiry letter sent Monday, Tong informed 23andMe that the company has yet to submit a breach notification pursuant to the state’s corresponding statute. Under the law, the Attorney General must be notified of such a breach impacting Connecticut residents not later than 60 days after its discovery.

Tong also questioned 23andMe’s compliance with the state’s Data Privacy Act, which guarantees residents rights over their personal data and imposes privacy and security obligations on controllers and processors of such data. Additionally, he requested answers to multiple questions surrounding the data breach.

Trending on NextShark: Chinese woman flees US after deadly Porsche 911 crash in Washington

The Attorney General also explained why such a leak is especially dangerous at present. “The increased frequency of antisemitic and anti-Asian rhetoric and violence in recent years means that this may be a particularly dangerous time for such targeted information to be released to the public,” he noted.

Tong has given 23andMe until Nov. 13 to respond.


Trending on NextShark: What is ‘fried rice syndrome’ and why is it causing panic online?

More on NextShark:

Japanese scientists accidentally discover virus in insects that only kills males

Hello Kitty voice actor announces departure from the character after 33 years