A data breach at the genetic testing and ancestry company 23andMe resulted in the black market sale of at least one million data profiles of people with Ashkenazi Jewish heritage and hundreds of thousands of individuals with Chinese ancestry, authorities said Tuesday as they announced an inquiry.
Connecticut Attorney General William Tong is seeking details of the data breach that exposed sensitive records for more than five million users, including specifically those of Ashkenazi Jewish and Chinese heritage.that customer profile information shared through the company’s DNA Relatives feature had been accessed without authorization.
Tong’s letter declares the data breach “resulted in the targeted exfiltration and sale on the black market of at least one million data profiles pertaining to individuals with Ashkenazi Jewish heritage,” as well as “hundreds of thousands of individuals with Chinese ancestry.” headtopics.com
“The increased frequency of antisemitic and anti-Asian rhetoric and violence in recent years means that this may be a particularly dangerous time for such targeted genetic information to be released to the public,” Tong’s letter to 23andMe said.
MORE: Makers of at-home DNA test kits seek to help customers cope with surprising, life-changing results 23andMe has not yet submitted a data breach notification to the Office of the Attorney General, which is required under Connecticut’s data breach notification law, according to the letter, which also notes the company has 60 days to do so “after discovery of the breach.” headtopics.com
The letter further said the breach calls into question the company’s compliance with the Connecticut Data Privacy Act, which “provides Connecticut consumers with important rights over their personal data and imposes corresponding privacy and data security obligations on companies that maintain and process personal data.”