Data breach notifications sent to 23andMe customers

Reuters reports that major U.S. biotechnology and genetic testing firm 23andMe has begun notifying its customers regarding a breach involving its "DNA Relatives" feature, which enabled data sharing for users around the world, after millions of data stolen from the company were exposed by a threat actor. "There was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives. As a result, the DNA Relatives profile information you provided in this feature was exposed to the threat actor," said 23andMe in breach notification letters. Such an incident, which was initially attributed by 23andMe to credential stuffing attacks, has prompted the temporary deactivation of certain DNA Relatives functionality, according to 23andMe spokesperson Katie Watson, who did not provide further details regarding the number of customers who have been informed regarding the compromise due to ongoing investigation. Details regarding the data leak have also been sought by Senate Health, Education, Labor, and Pensions Committee Ranking Member Bill Cassidy, R-La.