Last week, the Arizona Attorney General’s Office contacted 23andMe, Inc., in response to a data breach affecting nearly 7 million customers.
The Attorney General’s Office (AGO) is seeking detailed information on the number of Arizonans affected, the specific nature of compromised data for Arizona residents, the timeline and method of notification to affected individuals, compliance with Arizona’s data breach notification statute, and the potential exposure of this data on the dark web.
According to the company it provides direct-to-consumer genetic testing service in which customers provide a saliva sample that is laboratory analyzed, using single nucleotide polymorphism genotyping, to generate reports relating to the customer’s ancestry and genetic predispositions to health-related topics.
The AGO finds the fact that the reported breach involves data belonging to one million users of Ashkenazi Jewish heritage and 100,000 users of Chinese ancestry particularly alarming.
TechCrunch reported that the company “confirmed that hackers accessed the personal information of about 5.5 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.”
23andMe also confirmed
Additionally, the AGO has requested thorough information on 23andMe’s security protocols and future measures to prevent similar breaches.